vulnerabilities-CVE-2020-16150 & CVE-2013-0169

Question

CVE-2020-16150 &amp; CVE-2013-0169 these vulnerabilities are applicable for f5 ltm version 16.1.4&nbsp;Thanks&nbsp;

aaronjb · Answer

CVE-2013-0169 is documented here: https://my.f5.com/manage/s/article/K14190 and BIG-IP products have not been vulnerable to this since 11.4.0 which was released a long time ago. The article stops at 14.0.0 simply because that is when the article was marked as Final, but all versions later than 14.0.0 are also Not Vulnerable and this should be assumed whenever a Security Advisory is marked Final and the last "Not Vulnerable" version is earlier than the one you are running.
&nbsp;
CVE-2020-16150 describes a Lucky 13 vulnerability in mbedtls which F5 does not use in any Products or Services and is therefore Not Vulnerable to; we do not have a Security Advisory on this since we have never been officially asked. If you require a Security Advisory to be published please open a support case where Support will work with you to provide an official response and Security Advisory.

Forum Discussion

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

1 Reply

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

URL

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

Related Content

Chrome v30 Triggers v10.2.x TLS and ClientHello Bugs -- Sites Down