CVE-2015-1793

Question

Hi,&nbsp;
Does anyone know if F5 devices are affected by this OpenSSL vulnerability, CVE-2015-1793?&nbsp;
Thanks!&nbsp;

steigman1978_87 · Answer

Hi Nolipineda,
there is a SOL available for CVE-2015-1793 but currently it´s not showing any more details i.e. Version or Vulnerable component.&nbsp;
SOL16937
https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16937.html&nbsp;
F5 is still researching, so it´s up to us of waiting for any SOL Updates.&nbsp;
Would be also interesting to know whether the use of “native” Cipher will mitigate that vulnerability as they have been implemented into hardware.&nbsp;
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html&nbsp;
Additional to CVE-2015-1793 another SOL for CVE-2015-1788 which might be worth to have a look in:
 https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16938.html?ref=rss&nbsp;
cheers,
 Steigman&nbsp;

john_heyer_1508 · Answer

The affected OpenSSL versions have been out less than a month:&nbsp;
https://www.openssl.org/news/openssl-1.0.2-notes.html&nbsp;
https://www.openssl.org/news/openssl-1.0.1-notes.html&nbsp;
I doubt any vendor has based their software off these version.  Also, this really more of a client side vulnerability than server, so you'd have to trick the device in to opening a connection to a non-trusted site, which is not going to be easy.  &nbsp;
In short, nothing to see here, move along...&nbsp;

Forum Discussion

CVE-2015-1793

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS