Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

BIG-IP Version | Vulnerability

RAQS
Cirrus
Cirrus

‎23-Aug-2020 21:14

Hi Team,

 

Hope you all are safe!

 

We have seen multiple vulnerabilities impacting on 12 and 13 series. Version known to be vulnerable on 13 series are 13.1.0 - 13.1.3. And we are on 13.1.3.4.

 

So can you please let me know version 13.1.3.4 is vulnerable or not when F5 mention as "Version known to be vulnerable on 13 series are 13.1.0 - 13.1.3"

 

https://support.f5.com/csp/article/K02453220

https://support.f5.com/csp/article/K66544153

https://support.f5.com/csp/article/K66544153

 

 

Regards,

Shekhars

Labels:
0 Kudos
1 REPLY 1

Lidev
MVP
MVP

‎24-Aug-2020 01:47

Hi RAQS,

 

Yes, version 13.1.3.4 is vulnerable.

 

for a better understanding of security advisory versioning : https://support.f5.com/csp/article/K51812227

 

"Versions known to be vulnerable: [...] Point releases and hotfixes are not listed in this column, unless a vulnerability is specifically introduced in a given point release or hotfix.

For example, if 13.1.0 is listed as vulnerable, then 13.1.0.1 and 13.1.0.2 are also considered vulnerable if neither of those point releases are listed in the Fixes introduced in column.[...]

 

Regards

 

0 Kudos
Copyright © 2023 Khoros, LLC