Forum Discussion
cathy_123
Cirrostratus
Cirrostratushow to solve CVE-2019-3855 in F5
HI F5
Our scanner saw we have CVE-2019-3855 vulnerability in our F5 however I cannot see much information regarding this vulnerability in f5.
Our F5 version is 13.1.1.4
Thank you!
- Lidev
Nacreous
Hello cathy,
This CVE target libssh2 vulnerabilty and affected all versions including 1.8.0.
F5 BIG-IP v13.1.1.4 run CentOS 6.8, Linux Kernel 3.10.0 (64-bit kernel only) and use libssh2-1.4.2-2, that's why your scanner raise an alert.
The version 14.1.0/15.0 use libssh2-1.4.3-10 so the upgrade doesn't solve this vulnerabilty.
Maybe try to open a F5 support case to see if they can provide you with a hotfix.
cathy_123Thank you Lidev! Ill contact F5 regarding this. Thnaks!
