Forum Discussion
F5 Vulnerability CVE-2015-7394 - Recommended action
Hi all,
Recently I implemented F5 LTM, APM and ASM at one of our customer sites, with software version 11.6 HF5. Everything was working fine with this software version. Now I have learned that there is a vulnerability (CVE-2015-7394) for this version, and the customer is planning to publish their application this week.
Can I move the box to production keeping the same software version, if the vulnerability is a negligible one, or is it necessary to upgrade the box to the next release (version 12) and then put it in production?
Can I get advice on this?
I heard that in version 12 the ASM configuration window has changed, and I just want to know what the other changes in version 12 are.
Any help would be highly appreciated.
5 Replies
- Renato
Altostratus
It seems to be exploitable only by users who already have administrative access to the device, which would permit them to elevate their privileges by exploiting the vulnerability. If all administrative users already have admin/root privilege, I really don't see why they would have any interest in exploiting this.
Well... considering the risk of changing/upgrading the BIG-IP version, with all the configuration problems you may face doing that, I would prefer to wait for a hotfix for your version.
This is only my opinion.
Source: SOL17407: Datastor kernel vulnerability CVE-2015-7394
- Brad_Parker_139
Nacreous
Don't go to v12.0 in production yet! It is brand spanking new, and even F5 doesn't recommend going to x.0 versions in prod unless you are prepared for undocumented bugs. Wait for v12.1 if at all possible. As mentioned above, this exploit is not very "exploitable" even though the severity is high. If bad users are already able to log in as admin, you have way more issues to worry about.
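Both replies above rest on the same premise: the issue only matters for accounts that already hold the Administrator role on the box. The practical follow-up, then, is to know exactly how many such accounts exist and which of them also have a shell. The script below is an added example for this thread, not code from the original posts or from F5. It parses the text form of `tmsh list auth user` (the block layout is assumed from the tmsh configuration syntax; check it against your own output) and lists every local account that holds `role admin` on any partition, ranked by the shell it can reach. The sample output it runs on is constructed.

```python
"""
Audit BIG-IP local accounts for administrative reach.

Added example (not F5 tooling). Input format is the tmsh text form of
`auth user` objects as printed by `tmsh list auth user`; that layout is
an assumption and should be checked against a real device. Accounts
that authenticate remotely (LDAP, TACACS+, RADIUS) and get their role
from remote-role mapping do not appear here and need a separate check.
"""
import re
from dataclasses import dataclass, field

# Constructed sample of `tmsh list auth user` output (not from a real box).
SAMPLE_TMSH_OUTPUT = """\
auth user admin {
    description "Admin User"
    encrypted-password $6$constructed
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user ops-ro {
    description "NOC read-only"
    encrypted-password $6$constructed
    partition-access {
        all-partitions {
            role auditor
        }
    }
    shell none
}
auth user app-deployer {
    description "CI deployment account"
    encrypted-password $6$constructed
    partition-access {
        Common {
            role manager
        }
    }
    shell tmsh
}
auth user backup-admin {
    encrypted-password $6$constructed
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell none
}
"""

# One `auth user NAME { ... }` object; the closing brace of the object is
# the only one at column 0, so a non-greedy match up to `^}` is enough.
USER_BLOCK_RE = re.compile(r"^auth user (\S+) \{\n(.*?)^\}", re.M | re.S)
SHELL_RE = re.compile(r"^\s*shell (\S+)\s*$", re.M)
# `<partition> {` immediately followed by `role <role>`.
ROLE_RE = re.compile(r"^\s*(\S+) \{\n\s*role (\S+)", re.M)

# tmsh role name for Administrator; treated as the privilege boundary here.
ADMIN_ROLES = {"admin"}
# Higher number = more the account can do once it is on the box.
SHELL_RISK = {"bash": 2, "tmsh": 1, "none": 0}


@dataclass
class LocalUser:
    name: str
    shell: str = "none"
    roles: dict = field(default_factory=dict)  # partition -> role


def parse_auth_users(text):
    """Return LocalUser objects in the order they appear in the listing."""
    users = []
    for match in USER_BLOCK_RE.finditer(text):
        name, body = match.group(1), match.group(2)
        shell_match = SHELL_RE.search(body)
        shell = shell_match.group(1) if shell_match else "none"
        roles = {p: r for p, r in ROLE_RE.findall(body)}
        users.append(LocalUser(name=name, shell=shell, roles=roles))
    return users


def administrative_accounts(users):
    """(name, shell) for every account holding an admin role anywhere,
    most capable shell first, then by name."""
    hits = [(u.name, u.shell) for u in users
            if any(r in ADMIN_ROLES for r in u.roles.values())]
    return sorted(hits, key=lambda h: (-SHELL_RISK.get(h[1], 0), h[0]))


if __name__ == "__main__":
    for name, shell in administrative_accounts(parse_auth_users(SAMPLE_TMSH_OUTPUT)):
        print(f"{name:16s} role=admin shell={shell}")
```

On a real device, pipe `tmsh list auth user` into `parse_auth_users` instead of the constructed sample. Every account the script reports is one that the SOL's precondition already applies to; the decision Renato and Brad are describing becomes easier once that list is short and each entry has a documented owner, and accounts that need the Administrator role but not a shell can have `shell none` set so that a stolen password buys less.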
- siru_129409
Nimbostratus
Thanks Brad...:)