Forum Discussion

Amit_Karnik's avatar
Amit_Karnik
Icon for Nimbostratus rankNimbostratus
Dec 29, 2014

Any official statement on latest openssl vulnerability CVE-2014-3569 ?

Are any versions impacted for CVE-2014-3569 ?   The NVD score is Medium but it seems so easy to exploit this remotely and it is also pre-authentication so mandatory client certificates will not h...
application delivery
devops
iRules
LTM
security
TMOS
TMSH
Pascal_Tene_910's avatar
Pascal_Tene_910
Historic F5 Account
Jan 01, 2015

This only affects OpenSSL 1.0.1j. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3569 You can check which openSSL version you are using from CLI by running the command openssl version. BigIP version 11.6.0 uses OpenSSL 1.0.1h. it is highly probable that no BigIP version is affected by this CVE. No Official statement at the moment.