cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

BIG-IP Version | Vulnerability

RAQS
Cirrus
Cirrus

Hi Team,

 

Hope you all are safe!

 

We have seen multiple vulnerabilities impacting on 12 and 13 series. Version known to be vulnerable on 13 series are 13.1.0 - 13.1.3. And we are on 13.1.3.4.

 

So can you please let me know version 13.1.3.4 is vulnerable or not when F5 mention as "Version known to be vulnerable on 13 series are 13.1.0 - 13.1.3"

 

https://support.f5.com/csp/article/K02453220

https://support.f5.com/csp/article/K66544153

https://support.f5.com/csp/article/K66544153

 

 

Regards,

Shekhars

1 REPLY 1

Lidev
MVP
MVP

Hi RAQS,

 

Yes, version 13.1.3.4 is vulnerable.

 

for a better understanding of security advisory versioning : https://support.f5.com/csp/article/K51812227

 

"Versions known to be vulnerable: [...] Point releases and hotfixes are not listed in this column, unless a vulnerability is specifically introduced in a given point release or hotfix.

For example, if 13.1.0 is listed as vulnerable, then 13.1.0.1 and 13.1.0.2 are also considered vulnerable if neither of those point releases are listed in the Fixes introduced in column.[...]

 

Regards