Big-IP-Appliances (Firewalls, Load-Balancer) from F5.com have a security vulnerability that allows third parties to break and read SSL connections. An update for the critical vulnerability is available.
Advertising
This info only applies to administrators in corporate environments, using Big-IP-Appliances (Firewalls, Load-Balancer etc.) from F5.com within corporate networks. Nick Sullivan informed within this Tweet about a security bug.
It's hard to overstate how bad this F5 bug is. It's basically DROWN without needing SSLv2. If you have a vulnerable F5, anyone can sign things with your RSA private key. Bleichenbacher strikes again. https://t.co/sIdpsA3w5I
— Nick Sullivan (@grittygrease) 18. November 2017
F5.com support has published this document dealing with details about the vulnerability CVE-2017-6168. This document names also affected products and their software versions.
Advertising
