CVE-2015-1793

Question

Hi,&nbsp;
Does anyone know if F5 devices are affected by this OpenSSL vulnerability, CVE-2015-1793?&nbsp;
Thanks!&nbsp;

steigman1978_87 · Answer

Hi Nolipineda,
there is a SOL available for CVE-2015-1793 but currently it´s not showing any more details i.e. Version or Vulnerable component.&nbsp;
SOL16937
https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16937.html&nbsp;
F5 is still researching, so it´s up to us of waiting for any SOL Updates.&nbsp;
Would be also interesting to know whether the use of “native” Cipher will mitigate that vulnerability as they have been implemented into hardware.&nbsp;
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html&nbsp;
Additional to CVE-2015-1793 another SOL for CVE-2015-1788 which might be worth to have a look in:
 https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16938.html?ref=rss&nbsp;
cheers,
 Steigman&nbsp;

john_heyer_1508 · Answer

The affected OpenSSL versions have been out less than a month:&nbsp;
https://www.openssl.org/news/openssl-1.0.2-notes.html&nbsp;
https://www.openssl.org/news/openssl-1.0.1-notes.html&nbsp;
I doubt any vendor has based their software off these version.  Also, this really more of a client side vulnerability than server, so you'd have to trick the device in to opening a connection to a non-trusted site, which is not going to be easy.  &nbsp;
In short, nothing to see here, move along...&nbsp;

Forum Discussion

CVE-2015-1793

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

F5OS login with admin/root failed via console

UCS Encryption Question

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS