F5 Networks Updates
1699Warning Date
Severity Level
Warning Number
Target Sector
13 December, 2020
● Medium
2020-2186
All
Description:
F5 Networks has released a security updates to address multiple vulnerabilities in the following product:
- BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)
- 15.0.0 - 15.1.0
- 14.1.0 - 14.1.2
- 13.1.0 - 13.1.3
- 12.1.0 - 12.1.5
- 11.5.2 - 11.6.5
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Unauthorized disclosure of information
- Cross-site scripting (XSS) attack
Best practice and Recommendations:
F5 Networks recommends doing the following:
- Disable DH ciphersuites key exchanges in TLS connections (OpenSSL, SSL profiles)
The CERT team encourages users to review F5 Networks security advisory and apply the necessary updates: