Forum Discussion

THE_BLUE
Oct 24, 2024

BIG-IP HSB vulnerability CVE-2024-39778

When a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause virtual servers to stop processing client connections and the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-39778)

https://my.f5.com/manage/s/article/K05710614

What does High-Speed Bridge (HSB) mean, and where can I check this? Also, if HSB is not enabled, does this mean I am not vulnerable?


  • Yes. If HSB is not there, you are not vulnerable.

    Below lists the BIG-IP platforms utilizing the HSB chips:

    If your device is not in this list, it's not.

    BIG-IP 5000 (C109)

    BIG-IP 7000 (D110)

    BIG-IP 12250 (D111)

    BIG-IP 10000 (D113)

    BIG-IP 10350 (D112)

    BIG-IP 11000 (E101)

    BIG-IP 11050 (E102)

    VIPRION B4300 Blade (A108)

    VIPRION B4340N Blade (A110)

    VIPRION B4450N Blade (A114)

    BIG-IP iSeries i4x00 (C115)

    BIG-IP iSeries i10000 (C116)

    BIG-IP iSeries i2x00 (C117)

    BIG-IP iSeries i7000 (C118)

    BIG-IP iSeries i7820-DF (C126)

    BIG-IP iSeries i5000 (C119)

    BIG-IP iSeries i5820-DF (C125)

    BIG-IP iSeries i11000 (C123)

    BIG-IP iSeries i11x00-DS (C124)

    BIG-IP iSeries i15000 (D116)

    BIG-IP iSeries i15820-DF (D120)

    VIPRION B2100 Blade (A109)

    VIPRION B2150 Blade (A113)

    VIPRION B2250 Blade (A112)

     

    Br

    Aswin

  • So let's say HSB is there, but in the CVE description they have mentioned "When a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge (HSB)," what do they mean by stateless virtual server? And does this mean that if no stateless virtual server is configured, I am not vulnerable?

    So, I am vulnerable if I meet the two conditions: a system with a High-Speed Bridge (HSB) and a stateless virtual server? Otherwise I am good?

    • boneyard

      An easy search turns this article up for a stateless virtual server:

      https://my.f5.com/manage/s/article/K13675

      So, I am vulnerable if I meet the two conditions: a system with a High-Speed Bridge (HSB) and a stateless virtual server? Otherwise I am good?

      Correct.

    • Aswin_mk

      Yes, you are correct, and you need to be vulnerable if both the conditions match. Also, there are new vulnerabilities relating to old versions. You can try to proceed with the latest versions in 17.x to get a more stable and vulnerability-fixed version.