Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
f5 big-ip application acceleration manager 15.1.0 |
||
f5 big-ip local traffic manager 15.1.0 |
||
f5 big-ip advanced firewall manager 15.1.0 |
||
f5 big-ip policy enforcement manager 15.1.0 |
||
f5 big-ip link controller 15.1.0 |
||
f5 big-ip global traffic manager 15.1.0 |
||
f5 big-ip fraud protection service 15.1.0 |
||
f5 big-ip domain name system 15.1.0 |
||
f5 big-ip application security manager 15.1.0 |
||
f5 big-ip access policy manager 15.1.0 |
||
f5 big-ip analytics 15.1.0 |
||
f5 big-ip ddos hybrid defender 15.1.0 |
||
f5 big-ip advanced web application firewall 15.1.0 |
||
f5 big-ip application acceleration manager |
||
f5 big-ip local traffic manager |
||
f5 big-ip advanced web application firewall |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip analytics |
||
f5 big-ip application security manager |
||
f5 big-ip access policy manager |
||
f5 big-ip ddos hybrid defender |
||
f5 big-ip domain name system |
||
f5 big-ip fraud protection service |
||
f5 big-ip global traffic manager |
||
f5 big-ip link controller |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip ssl orchestrator |
||
f5 big-ip webaccelerator 15.1.0 |
||
f5 big-ip edge gateway 15.1.0 |
||
f5 big-ip application visibility and reporting |
||
f5 big-ip carrier-grade nat |
||
f5 big-ip edge gateway |
||
f5 big-ip webaccelerator |
||
f5 big-ip websafe |
||
f5 big-ip application visibility and reporting 15.1.0 |
||
f5 big-ip carrier-grade nat 15.1.0 |
||
f5 big-ip ssl orchestrator 15.1.0 |
||
f5 big-ip websafe 15.1.0 |
||
f5 big-ip_10350v-f_firmware - |
||
f5 big-ip_i5820-df_firmware - |
||
f5 big-ip_i7820-df_firmware - |
||
f5 big-ip_i15820-df_firmware - |
||
f5 big-ip_5250v-f_firmware - |
||
f5 big-ip_7200v-f_firmware - |
||
f5 big-ip_10200v-f_firmware - |
||
f5 big-ip_6900-f_firmware - |
||
f5 big-ip_8900-f_firmware - |
||
f5 big-ip_11000-f_firmware - |
||
f5 big-ip_11050-f_firmware - |
Vulmon