Recommended Action
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
F5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.
BIG-IP
To mitigate this vulnerability, you should consider the following recommendations:
To disable client certificate authentication for the BIG-IP Configuration utility, perform the following procedure:
Impact of action: Performing the following procedure should not have a negative impact on your system.
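1. Log in to the Traffic Management Shell (tmsh) by typing the following command:
   tmsh
2. Disable client certificate authentication by typing the following command:
   modify /sys httpd ssl-ca-cert-file none ssl-verify-client no
3. Save the change by typing the following command:
   save /sys config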
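To confirm that the procedure above took effect, the following added example (not F5's own code) checks the two httpd settings it changes. It assumes the input is the key/value stanza printed by `tmsh list sys httpd all-properties`; the function name, the sample stanzas and the CA file path are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two "sys httpd" settings changed by the mitigation.
# Assumption: stdin carries the stanza printed by
#   tmsh list sys httpd all-properties
# with one "key value" pair per line.

# Prints "mitigated" when both settings match the values set by the procedure,
# "not-mitigated" when either differs, "unknown" when a setting is absent.
httpd_client_cert_state() {
    awk '
        $1 == "ssl-verify-client" { verify = $2 }
        $1 == "ssl-ca-cert-file"  { ca = $2 }
        END {
            if (verify == "" || ca == "")            print "unknown"
            else if (verify == "no" && ca == "none") print "mitigated"
            else                                     print "not-mitigated"
        }'
}

# Constructed sample: stanza with client certificate authentication enabled.
# The CA file path is a placeholder, not a value from the advisory.
sample_before() {
cat <<'EOF'
sys httpd {
    ssl-ca-cert-file /config/example-ca.crt
    ssl-verify-client require
}
EOF
}

# Constructed sample: stanza after the modify command has been applied.
sample_after() {
cat <<'EOF'
sys httpd {
    ssl-ca-cert-file none
    ssl-verify-client no
}
EOF
}

echo "before: $(sample_before | httpd_client_cert_state)"
echo "after:  $(sample_after | httpd_client_cert_state)"

# On a BIG-IP system the same check would read live configuration:
#   tmsh list sys httpd all-properties | httpd_client_cert_state
```

An "unknown" result means the input did not contain both settings and should be inspected manually rather than treated as mitigated.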
LineRate
To mitigate the risk posed by this vulnerability for the affected LineRate versions, you can remove the affected trusted Certificate Authority in the SSL component. For information about removing a trusted Certificate Authority for LineRate, refer to the following guides:
Note: The following links take you to a resource outside of AskF5. The third party could remove the documents without our knowledge.
Supplemental Information