CVE-2015-1793

Question

Hi,&nbsp;
Does anyone know if F5 devices are affected by this OpenSSL vulnerability, CVE-2015-1793?&nbsp;
Thanks!&nbsp;

steigman1978_87 · Answer

Hi Nolipineda,
there is a SOL available for CVE-2015-1793 but currently it´s not showing any more details i.e. Version or Vulnerable component.&nbsp;
SOL16937
https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16937.html&nbsp;
F5 is still researching, so it´s up to us of waiting for any SOL Updates.&nbsp;
Would be also interesting to know whether the use of “native” Cipher will mitigate that vulnerability as they have been implemented into hardware.&nbsp;
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html&nbsp;
Additional to CVE-2015-1793 another SOL for CVE-2015-1788 which might be worth to have a look in:
 https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16938.html?ref=rss&nbsp;
cheers,
 Steigman&nbsp;

john_heyer_1508 · Answer

The affected OpenSSL versions have been out less than a month:&nbsp;
https://www.openssl.org/news/openssl-1.0.2-notes.html&nbsp;
https://www.openssl.org/news/openssl-1.0.1-notes.html&nbsp;
I doubt any vendor has based their software off these version.  Also, this really more of a client side vulnerability than server, so you'd have to trick the device in to opening a connection to a non-trusted site, which is not going to be easy.  &nbsp;
In short, nothing to see here, move along...&nbsp;

Forum Discussion

CVE-2015-1793

2 Replies

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS