Refer to the **FirePass** section of the **Vulnerability Recommended Actions** section.
Vulnerability Recommended Actions
If you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
BIG-IP
You can mitigate this vulnerability by disabling the RC4 cipher for the vulnerable component/feature. For instructions on how to disable ciphers on SSL profiles, refer to SOL13171: Configuring the cipher strength for SSL profiles (11.x) or SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x), depending on your version.
For instructions on how to disable ciphers in the Configuration utility, refer to SOL13405: Restricting Configuration utility access to clients using high encryption SSL ciphers (11.x - 12.x) or SOL6768: Restricting Configuration utility access to clients using high encryption SSL ciphers (9.x - 10.x), depending on your version. You can mitigate this Configuration utility vulnerability by permitting access to the system only over a secure network.
BIG-IQ and Enterprise Manager
For instructions on how to disable ciphers in the Configuration utility, refer to SOL13405: Restricting Configuration utility access to clients using high encryption SSL ciphers (11.x - 12.x) or SOL6768: Restricting Configuration utility access to clients using high encryption SSL ciphers (9.x - 10.x), depending on your version. You can mitigate this Configuration utility vulnerability by permitting access to the system only over a secure network.
FirePass
For information about the hotfix status, contact F5 Technical Support.
ARX
To mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.
LineRate
To mitigate this vulnerability, you should use the default Cipher List or explicitly specify !RC4 in the Cipher List for the SSL profiles.
Traffix SDC
To mitigate this vulnerability for HTTP<=>Diameter traffic that uses HTTPS, you should not add RC4 to the TLS Cipher List. To mitigate this vulnerability for the WebUI, you should disable RC4 in your client web browser.
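The LineRate and Traffix SDC guidance above comes down to what the Cipher List string contains. The following check is an added example, not F5 code: it classifies a cipher list as excluding RC4, enabling it, or leaving it unverified. It assumes OpenSSL-style cipher-list syntax (which the `!RC4` notation suggests); the profile names and strings are constructed sample data. A list that never names RC4 is reported as unverified because the outcome then depends on the product's defaults.

```python
import re

def rc4_status(cipher_list: str) -> str:
    """Classify an OpenSSL-style cipher list with respect to RC4.

    "excluded"   - a bare !RC4 token permanently removes every RC4 suite
    "enabled"    - a token adds RC4 suites and nothing permanently removes them
    "unverified" - RC4 is not provably excluded; depends on alias expansion
    """
    # OpenSSL accepts ':', ',' or spaces between cipher strings.
    tokens = [t for t in re.split(r"[:, ]+", cipher_list.strip()) if t]
    added = False
    for tok in tokens:
        op = tok[0] if tok[0] in "!-+" else ""
        body = tok[len(op):]
        # 'A+B' means suites matching A and B; suite names are joined by '-'.
        # Exact-case match only: a lower-case '!rc4' is not accepted as proof.
        if "RC4" not in re.split(r"[+-]", body):
            continue
        if op == "!" and body == "RC4":
            return "excluded"      # permanent delete wins at any position
        if op == "-" and body == "RC4":
            added = False          # soft delete: a later token may re-add RC4
        elif op == "":
            added = True           # plain token adds the matching suites
        # '+' only reorders suites already present; narrower '!'/'-' tokens
        # such as !RC4-MD5 or !RC4+SHA remove a subset, not all of RC4.
    return "enabled" if added else "unverified"

def profiles_needing_fix(profiles: dict) -> list:
    """Names of profiles whose cipher list does not provably exclude RC4."""
    return sorted(n for n, s in profiles.items() if rc4_status(s) != "excluded")

# Constructed sample data: hypothetical profile names and cipher lists.
SAMPLE_PROFILES = {
    "clientssl-a": "DEFAULT:!RC4",
    "clientssl-b": "HIGH:MEDIUM",
    "legacy": "RC4-SHA:AES128-SHA",
}

if __name__ == "__main__":
    for name, ciphers in SAMPLE_PROFILES.items():
        print(f"{name:12} {ciphers:22} {rc4_status(ciphers)}")
```
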
Supplemental Information
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/10000/200/sol10262.html
support.f5.com/kb/en-us/solutions/public/11000/400/sol11444.html
support.f5.com/kb/en-us/solutions/public/13000/100/sol13156.html
support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html
support.f5.com/kb/en-us/solutions/public/3000/400/sol3430.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html