GuidePoint urges clients to resolve issue ASAP

Earlier this week, F5 Networks released a security advisory, SOL19784568, alerting users to a network traffic vulnerability involving virtual servers on BIG-IP appliances using TCP profiles.

F5 is classifying this as a high-severity issue. Because of the potential risk of a complete outage, GuidePoint Security strongly urges our clients to resolve this issue as soon as possible.

In a nutshell, the vulnerability allows an unauthenticated attacker to craft a malicious packet and send it to a virtual server that uses a Transmission Control Protocol (TCP) profile. This can cause the underlying Traffic Management Operating System (TMOS) to reset, resulting in an outage for the entire device, not just the targeted application. Once the device has been compromised in this way, an attacker can continue this attack and cause a total outage for as long as the BIG-IP will accept traffic.

Based on the information provided by F5, this can only be completely mitigated by upgrading to a version in which the issue has already been fixed. As of today, no engineering hotfix has been issued to mitigate it.

F5 has provided some instructions for reducing the overall likelihood of encountering the problem. However, this is not a full mitigation method, only a vast reduction of the potential threat. Updating the TMOS version is the only supported full mitigation method at this time. We are working with our F5 peers on this matter to better assist our customers.

A CVE has also been reserved for this issue, CVE-2016-5023, but no content is currently published on MITRE’s site.

Vulnerable versions:

  • 12.0.0
  • 11.6.0 HF5-HF7
  • 11.5.3 – 11.5.4
  • 11.4.1 HF4-HF10
  • 11.2.1 HF11-HF15

Versions NOT considered vulnerable:

  • 12.1.0
  • 12.0.0 HF3
  • 11.6.1
  • 11.6.0-11.6.0 HF4
  • 11.5.4 HF2
  • 11.5.0-11.5.2
  • 11.4.0-11.4.1 HF3
  • 11.2.1 HF16
  • 11.2.1-11.2.1 HF10
  • 10.2.1-10.2.4
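To triage a device inventory against the two lists above, the following sketch classifies each TMOS build. It is an added example, not code from F5 or GuidePoint. The hostnames and sample inventory are constructed, and the way ranges are compared (inclusive, hotfix-aware, no hotfix meaning HF0) is an assumption.

```python
import re

# Inclusive (low, high) bounds transcribed from the two lists in this post.
# Assumption: bounds are compared in (major, minor, patch, hotfix) order and a
# version given without a hotfix level means the base build (HF0).
VULNERABLE = [
    ("12.0.0", "12.0.0"), ("11.6.0 HF5", "11.6.0 HF7"), ("11.5.3", "11.5.4"),
    ("11.4.1 HF4", "11.4.1 HF10"), ("11.2.1 HF11", "11.2.1 HF15"),
]
NOT_VULNERABLE = [
    ("12.1.0", "12.1.0"), ("12.0.0 HF3", "12.0.0 HF3"), ("11.6.1", "11.6.1"),
    ("11.6.0", "11.6.0 HF4"), ("11.5.4 HF2", "11.5.4 HF2"), ("11.5.0", "11.5.2"),
    ("11.4.0", "11.4.1 HF3"), ("11.2.1 HF16", "11.2.1 HF16"),
    ("11.2.1", "11.2.1 HF10"), ("10.2.1", "10.2.4"),
]

def parse(version):
    """'11.6.0 HF5' -> (11, 6, 0, 5); no hotfix suffix -> HF0."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\s+HF(\d+))?\s*", version, re.I)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_ranges(key, ranges):
    return any(parse(lo) <= key <= parse(hi) for lo, hi in ranges)

def classify(version):
    """Return 'vulnerable', 'not vulnerable', or 'unlisted' for one build."""
    key = parse(version)
    if in_ranges(key, VULNERABLE):
        return "vulnerable"
    if in_ranges(key, NOT_VULNERABLE):
        return "not vulnerable"
    # Builds between listed entries (e.g. 12.0.0 HF1) are in neither list.
    return "unlisted"

def triage(inventory):
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory; hostnames are hypothetical.
INVENTORY = {
    "ltm-edge-01": "11.6.0 HF6", "ltm-edge-02": "11.6.0 HF4",
    "ltm-core-01": "12.0.0", "ltm-core-02": "12.0.0 HF1",
    "ltm-lab-01": "11.5.4 HF2",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:12} {INVENTORY[host]:12} {status}")
```

A result of "unlisted" means the build appears in neither list here and should be checked against F5's advisory SOL19784568 before it is treated as safe.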

GuidePoint Security acknowledges this is a critical vulnerability and will follow it closely. We will continue to disseminate information going forward, and we welcome questions or concerns you might have. For help, please reach out directly to your GuidePoint Security contact, call 877-889-0132, or email info@guidepointsecurity.com.

About GuidePoint Security

GuidePoint Security LLC provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and its classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.