PT-2018-4220 · F5 · F5 Big-Ip
Published
2018-03-19
·
Updated
2023-04-24
·
CVE-2014-4024
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP systems versions 10.x through 10.2.4 before HF9
F5 BIG-IP systems versions 11.x through 11.2.1 before HF12
F5 BIG-IP systems version 11.3.0 before HF10
F5 BIG-IP systems version 11.4.0 before HF8
F5 BIG-IP systems version 11.4.1 before HF5
F5 BIG-IP systems version 11.5.0 before HF5
F5 BIG-IP systems version 11.5.1 before HF5
Description
The issue might allow remote attackers to have an unspecified impact via a timing side-channel attack when SSL virtual servers in F5 BIG-IP systems are used with third-party Secure Sockets Layer (SSL) accelerator cards.
Recommendations
For F5 BIG-IP systems versions 10.x through 10.2.4, update to at least version 10.2.4 HF9.
For F5 BIG-IP systems versions 11.x through 11.2.1, update to at least version 11.2.1 HF12.
For F5 BIG-IP systems version 11.3.0, update to at least version 11.3.0 HF10.
For F5 BIG-IP systems version 11.4.0, update to at least version 11.4.0 HF8.
For F5 BIG-IP systems version 11.4.1, update to at least version 11.4.1 HF5.
For F5 BIG-IP systems version 11.5.0, update to at least version 11.5.0 HF5.
For F5 BIG-IP systems version 11.5.1, update to at least version 11.5.1 HF5.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip