For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Carlos_13563's avatar
Carlos_13563
Icon for Cirrus rankCirrus
Apr 08, 2014

CVE-2014-0160 notification just came out.

Is F5 affected by this CVE-2014-0160?  
Joe_M's avatar
Joe_M
Icon for Nimbostratus rankNimbostratus
Apr 08, 2014

only 11.5.0 is affected and only if you are using the compat cipher suite instead of the native suite. Below is a copy of an email from an F5 field engineer.

 

Only TMOS 11.5.0 is vulnerable to CVE-2014-0160, and then only on management or on VIPS using the 'COMPAT' ciphers. VIPS using the NATIVE ciphers, which is the default, are not affected. TMOS less than 11.5.0 is not affected. ID456033 is open for this CVE and I'm working on getting a SOL created.

 

Also, here is some more info on the vulnerability.

 

http://www.openssl.org/news/vulnerabilities.html2014-0160 http://www.openssl.org/news/secadv_20140407.txt http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14457.html http://heartbleed.com/ http://filippo.io/Heartbleed/ https://devcentral.f5.com/questions/openssl-and-heart-bleed-vuln