For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Duncan_Proffitt's avatar
Duncan_Proffitt
Icon for Altostratus rankAltostratus
Jan 22, 2018

What patches have been applied?

If I am presented with this information from my Risk and Compliance team.

F5: K04225025: tcpdump vulnerabilities CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, and CVE-2017-5342

How would I find out if this patch has been applied .. thank you muchly

application delivery
BIG-IP
LTM

6 Replies

  • kolom_265617's avatar
    kolom_265617
    Icon for Cirrostratus rankCirrostratus
    Jan 22, 2018

    You need to upgrade your software version to one of the following based on your current running version (11.6.2 , 12.1.3 , 13.1.0 ) , or you can invoke the -w option in your tcpdump syntax to write raw packets to a pcap file for offline examination.

     

    check this link.

     

    • Duncan_Proffitt's avatar
      Duncan_Proffitt
      Icon for Altostratus rankAltostratus
      Jan 22, 2018

      Thank you Kolom, for such a prompt answer. What happens if I have 50 of the same message about other patches?

       

      F5: K32262483: NTP vulnerability CVE-2017-6451

       

      F5: K74759095: SafeNet External Network HSM script vulnerability CVE-2017-6165

       

      F5: K82508682: Linux kernel vulnerability CVE-2017-6074

       

      F5: K62279530: ConfigSync mcpd vulnerability CVE-2017-616 ... ad infinitum

       

      We have just upgraded to 12.1.3 and the roadmap for theupgrade to 13.x is a long and winding road .. that leads to ... a Chris Rea song ...

       

    • kolom_265617's avatar
      kolom_265617
      Icon for Cirrostratus rankCirrostratus
      Jan 22, 2018

      With a quick search , BIGIP 12.1.3 is not vulnerable to any of these vulnerabilities . If you have access to F5 support portal , you can generate a QKVIEW file , upload it to , and it will give you under the diagnostics tab a nice list of exposed vulnerabilities in your version. and each entry will have a hyperlink attached that will lead you to an official KB including versions that are not vulnerable or how to mitigate it using some configuration options.

       

  • kolom's avatar
    kolom
    Icon for Altostratus rankAltostratus
    Jan 22, 2018

    You need to upgrade your software version to one of the following based on your current running version (11.6.2 , 12.1.3 , 13.1.0 ) , or you can invoke the -w option in your tcpdump syntax to write raw packets to a pcap file for offline examination.

     

    check this link.

     

    • Duncan_Proffitt's avatar
      Duncan_Proffitt
      Icon for Altostratus rankAltostratus
      Jan 22, 2018

      Thank you Kolom, for such a prompt answer. What happens if I have 50 of the same message about other patches?

       

      F5: K32262483: NTP vulnerability CVE-2017-6451

       

      F5: K74759095: SafeNet External Network HSM script vulnerability CVE-2017-6165

       

      F5: K82508682: Linux kernel vulnerability CVE-2017-6074

       

      F5: K62279530: ConfigSync mcpd vulnerability CVE-2017-616 ... ad infinitum

       

      We have just upgraded to 12.1.3 and the roadmap for theupgrade to 13.x is a long and winding road .. that leads to ... a Chris Rea song ...

       

    • kolom's avatar
      kolom
      Icon for Altostratus rankAltostratus
      Jan 22, 2018

      With a quick search , BIGIP 12.1.3 is not vulnerable to any of these vulnerabilities . If you have access to F5 support portal , you can generate a QKVIEW file , upload it to , and it will give you under the diagnostics tab a nice list of exposed vulnerabilities in your version. and each entry will have a hyperlink attached that will lead you to an official KB including versions that are not vulnerable or how to mitigate it using some configuration options.