Any official statement on latest openssl vulnerability CVE-2014-3569 ?

Question

Are any versions impacted for CVE-2014-3569 ? &nbsp;
The NVD score is Medium but it seems so easy to exploit this remotely and it is also pre-authentication so mandatory client certificates will not help you either.&nbsp;
Any iRule logic to identify the signature via binary scan ? &nbsp;
Best.&nbsp;

brad_parker · Answer

Since it is OpenSSL I would assume it would only affect the management GUI and potentially SSL profiles that use COMPAT ciphers. As with many OpenSSL vulnerabilities, one would assume if you are using the NATIVE cipher stack, the traffic interface shouldn't be affected.

pascal_tene_910 · Answer

This only affects OpenSSL 1.0.1j. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3569
You can check which openSSL version you are using from CLI by running the command openssl version.
BigIP version 11.6.0 uses OpenSSL 1.0.1h. it is highly probable that no BigIP version is affected by this CVE.
No Official statement at the moment.&nbsp;

Forum Discussion

Any official statement on latest openssl vulnerability CVE-2014-3569 ?

2 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Can one create one virtual server with two pool members with multiple services running on it?

Maintenance page / local website that includes subfolders

AWS F5_OWASP Managed Rule Blocking requests

AST Configuration help

rSeries Configuration Backup

Related Content

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

BYOEDR, Undetectable backdoor, WhoFi, Cyberattack to airline, and Clickjacking vulnerability

Comparing iRule Control Statements

Coordinated Vulnerability Disclosure: A Balanced Approach

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS