F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Carlos_13563's avatar
Carlos_13563
Icon for Cirrus rankCirrus
Apr 08, 2014

CVE-2014-0160 notification just came out.

Is F5 affected by this CVE-2014-0160?  
Joe_M's avatar
Joe_M
Icon for Nimbostratus rankNimbostratus
Apr 08, 2014

only 11.5.0 is affected and only if you are using the compat cipher suite instead of the native suite. Below is a copy of an email from an F5 field engineer.

 

Only TMOS 11.5.0 is vulnerable to CVE-2014-0160, and then only on management or on VIPS using the 'COMPAT' ciphers. VIPS using the NATIVE ciphers, which is the default, are not affected. TMOS less than 11.5.0 is not affected. ID456033 is open for this CVE and I'm working on getting a SOL created.

 

Also, here is some more info on the vulnerability.

 

http://www.openssl.org/news/vulnerabilities.html2014-0160 http://www.openssl.org/news/secadv_20140407.txt http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14457.html http://heartbleed.com/ http://filippo.io/Heartbleed/ https://devcentral.f5.com/questions/openssl-and-heart-bleed-vuln