Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5SOL17047
HistoryAug 18, 2015 - 12:00 a.m.

SOL17047 - ICMP packet processing vulnerability CVE-2015-5058

2015-08-1800:00:00
support.f5.com
17

0.002 Low

EPSS

Percentile

64.4%

JSON

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow.

F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The**Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.

Mitigating this vulnerability

To mitigate this vulnerability, you should consider the following recommendations:

  • Block fragmented Internet Control Message Protocol (ICMP) traffic by using an upstream firewall.
  • Block fragmented ICMP traffic by using BIG-IP AFM denial-of-service (DOS) protection. To do so you can use the following command:

tmsh modify security dos device-config dos-device-config dos-device-vector { icmp-frag { default-internal-rate-limit 0 } }

  • Block all ICMP traffic by using an upstream firewall or the BIG-IP AFM module.

Important: Blocking all ICMP traffic prevents PMTU (Path MTU discovery) from functioning, and may impact other network services that rely on ICMP. F5 recommends that you evaluate the potential impact of blocking all ICMP traffic in your environment. For information about blocking ICMP traffic with the BIG-IP AFM module, refer to theDeploying the BIG-IP Network Firewall in ADC Mode chapter of the BIG-IP Network Firewall: Policies and Implementations guide, and browse theAdding a firewall rule to deny ICMP section.

Note: BIG-IP packet filters cannot be used to mitigate this vulnerability.

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4918: Overview of the F5 critical issue hotfix policy
  • SOL167: Downloading software and firmware from F5
  • SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)
  • SOL15106: Managing BIG-IQ product hotfixes
  • SOL15113: BIG-IQ hotfix matrix

Related

nessus 1
nvd 1
f5 1
cvelist 1
openvas 1
cve 1
prion 1
nessus
nessus
F5 Networks BIG-IP : ICMP packet processing vulnerability (SOL17047)
2015-08-19 00:00:00
nvd
nvd
CVE-2015-5058
2015-08-24 14:59:05
f5
f5
K17047 : ICMP packet processing vulnerability CVE-2015-5058
2015-09-14 00:00:00
cvelist
cvelist
CVE-2015-5058
2015-08-24 14:00:00
openvas
openvas
F5 BIG-IP - ICMP packet processing vulnerability CVE-2015-5058
2015-08-31 00:00:00
cve
cve
CVE-2015-5058
2015-08-24 14:59:05
prion
prion
Memory corruption
2015-08-24 14:59:00

0.002 Low

EPSS

Percentile

64.4%

JSON
Related for SOL17047
nessus1nvd1f51cvelist1openvas1cve1prion1