Forum Discussion

Jim_M
Feb 20, 2023

Where to view F5SIRT security advisories?

What is the URL for F5 responses to security advisories? Both for CVEs pertaining to vulnerabilities on F5 products and regarding protections added to the likes of Advanced WAF? For example, if a CVE is published and an F5 threat protection product such as Advanced WAF offers protection in version ABC, where can I search for that?

3 Replies

  • There really isn't a single answer to this:

    You can check MyF5 for new Security Advisories: https://my.f5.com/manage/s/new-updated-articles#sort=%40f5_updated_published_date%20descending&f:@f5_document_type=[Security%20Advisory]&periodFilter=0&dateField=0

    You can also create an RSS feed to monitor this on an ongoing basis.

    For first-party security advisories (the type of thing F5 discloses in our QSNs), you can subscribe to 'F5 Security Announcements' here https://interact.f5.com/Customer-Preference-Center.html

    For attack signature updates you can subscribe to 'F5 Security Operations Notifications' on the same page.  But you're better off using the automatic update/notification in the product than the email for this.

    Note that there is very often no one-to-one mapping between WAF rules and a given CVE.  You may have one rule that addresses many CVEs, or multiple rules that handle different aspects of one CVE, etc.  It is very, very common that when a new CVE comes out there are already existing rules that block it - so nothing new is published.  The long and short of that is there is no 'index' where you can look up a CVE and say 'these rules block this CVE'.  There just isn't any exhaustive mapping, even internally.

    There may be a rule that mentions a given CVE, but just because a CVE is *not* mentioned doesn't mean the WAF can't block it.  More often than not it can - it is just one of the basic WAF rules that blocks a whole family of vulns that does it.