Yesterday F5 published K56412001: BIG-IP SSL OCSP Authentication profile vulnerability CVE-2023-22323 (https://my.f5.com/manage/s/article/K56412001).
In the KB, F5 mentions the following in terms of vulnerability.
Currently, I am using 18.104.22.168-0.x.x. Am I vulnerable, given that F5 lists Branch 15.x with Versions known to be vulnerable as 15.1.0 - 15.1.8?
Thanks for the reply.
Thanks for the information on iHealth.
You told me that 22.214.171.124-0.x.x is within the vulnerable range. How may I know that, according to K56412001: BIG-IP SSL OCSP Authentication profile vulnerability CVE-2023-22323 (https://my.f5.com/manage/s/article/K56412001)?
Because in this case you consider your release to be 15.1.2 which is within the vulnerable range. Quoting from https://my.f5.com/manage/s/article/K51812227:
Versions known to be vulnerable: The range of product versions within each branch that are confirmed by F5 Product Development as vulnerable. Point releases and hotfixes are not listed in this column, unless a vulnerability is specifically introduced in a given point release or hotfix. Vulnerable versions include all point releases or hotfixes for a given software version. For example, if 13.1.0 is listed as vulnerable, then 126.96.36.199 and 188.8.131.52 are also considered vulnerable if neither of those point releases are listed in the Fixes introduced in column.
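The rule quoted from K51812227, applied as a version check (an added example, not part of the thread and not F5 tooling). The version strings and the `15.1.8.1` fix entry are constructed sample values, not taken from the advisory, and treating point releases at or after a listed fix as fixed is an assumption of this sketch.

```python
import re

def parse_version(text):
    """Turn '15.1.2.1-0.0.10' or '15.1.2' into a tuple of ints, dropping the build suffix."""
    core = text.strip().split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in core.split("."))

def software_version(version):
    """Strip point-release digits: (15, 1, 2, 1) -> (15, 1, 2)."""
    return (version + (0, 0, 0))[:3]

def is_vulnerable(running, low, high, fixes=()):
    """Apply the 'Versions known to be vulnerable' rule to one running version.

    low/high are the advisory's range for the branch; fixes holds the
    'Fixes introduced in' entries. A point release or hotfix inherits the
    status of its software version unless a fix is listed for it.
    """
    v = parse_version(running)
    base = software_version(v)
    if not (software_version(parse_version(low)) <= base
            <= software_version(parse_version(high))):
        return False
    for fix in map(parse_version, fixes):
        # Assumption: a listed fix also covers later point releases of
        # the same software version.
        if software_version(fix) == base and v >= fix:
            return False
    return True

if __name__ == "__main__":
    # Constructed sample inventory; the fix entry is a placeholder value.
    for running in ("15.1.2.1-0.0.10", "15.1.8", "15.1.8.2", "15.1.9", "16.1.0"):
        status = is_vulnerable(running, "15.1.0", "15.1.8", fixes=["15.1.8.1"])
        print(f"{running:18} vulnerable={status}")
```

Compare the result against the advisory's own table before acting on it, since the "Fixes introduced in" column is the authoritative input.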