Help needed to understand KB of f5

Question

HiYesterday F5 published K56412001: BIG-IP SSL OCSP Authentication profile vulnerability CVE-2023-22323 has been published https://my.f5.com/manage/s/article/K56412001.In the KB F5, mention the following in terms of vulnerability.Currently, I am using 15.1.2.1-0.x.x. Am I vulnerable as F5 mentioned Branch 15.x and Versions known to be vulnerable is 15.1.0 - 15.1.8.

amine_kadimi · Answer

15.1.2.1-0.x.x is within the vulnerable range.
You can also upload a qkview to ihealth and get all the known vulnerabilities for your specific version.
&nbsp;

radekr · Answer

iHealth is free but requires registration.Quick video overview of iHealth:https://www.youtube.com/watch?v=UFg7_3-HL5AVulnerabilietes can be found in diagnostic tab.

amine_kadimi · Answer

Because in this case you consider your release to be 15.1.2 which is within the vulnerable range. Quoting from https://my.f5.com/manage/s/article/K51812227:
Versions known to be vulnerable: The range of product versions within each branch that are confirmed by F5 Product Development as vulnerable. Point releases and hotfixes are not listed in this column, unless a vulnerability is specifically introduced in a given point release or hotfix. Vulnerable versions include all point releases or hotfixes for a given software version. For example, if 13.1.0 is listed as vulnerable, then 13.1.0.1 and 13.1.0.2 are also considered vulnerable if neither of those point releases are listed in the&nbsp;Fixes introduced in&nbsp;column.&nbsp;

rockbd · Answer

I am very new to f5 BIG-IP in terms of using its features.Can you please guide how to use ihealth for vulnerabilities? Is this free, or do I need to have the subscription?

rockbd · Answer

Thanks for the reply.Thanks for the information on iHealth.&nbsp;You told me that 15.1.2.1-0.x.x is within the vulnerable range. How may I know,&nbsp; according to K56412001: BIG-IP SSL OCSP Authentication profile vulnerability CVE-2023-22323 has been published https://my.f5.com/manage/s/article/K56412001.&nbsp;&nbsp;

Forum Discussion

Help needed to understand KB of f5

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

Understanding iApps

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding Modern Application Architecture - Part 1

Understanding IPSec IKEv1 negotiation on Wireshark

Understanding Performance Metrics and Network Traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS