Forum Discussion
vulnerabilities-CVE-2020-16150 & CVE-2013-0169
CVE-2013-0169 is documented here: https://my.f5.com/manage/s/article/K14190 and BIG-IP products have not been vulnerable to this since 11.4.0 which was released a long time ago. The article stops at 14.0.0 simply because that is when the article was marked as Final, but all versions later than 14.0.0 are also Not Vulnerable and this should be assumed whenever a Security Advisory is marked Final and the last "Not Vulnerable" version is earlier than the one you are running.
CVE-2020-16150 describes a Lucky 13 vulnerability in mbedtls which F5 does not use in any Products or Services and is therefore Not Vulnerable to; we do not have a Security Advisory on this since we have never been officially asked. If you require a Security Advisory to be published please open a support case where Support will work with you to provide an official response and Security Advisory.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com