Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.1238.8
K31323265: OpenSSL vulnerability CVE-2022-0778
10 June 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIG-IP (All Modules)
Traffix SDC
F5 OS
BIG-IP Edge Client
Publisher: F5 Networks
Operating System: Network Appliance
Resolution: Patch/Upgrade
CVE Names: CVE-2022-0778
Original Bulletin:
https://support.f5.com/csp/article/K31323265
Comment: CVSS (Max): 7.5 CVE-2022-0778 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: F5 Networks
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Revision History: June 10 2022: Mail subject updated with the CVSS details
June 10 2022: Vendor updated the advisory
May 1 2022: PAN-OS fixed version PAN-OS 8.1.23 is added
April 26 2022: Vendor added BIG-IP Edge Client details
April 23 2022: Vendor added fix for BIG-IP
April 11 2022: Vendor added fix for BIG-IP 15.x
April 5 2022: Vendor added F5OS in the list of affected products
March 24 2022: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
K31323265: OpenSSL vulnerability CVE-2022-0778
Original Publication Date: 23 Mar, 2022
Latest Publication Date: 07 Jun, 2022
Security Advisory Description
The BN_mod_sqrt() function, which computes a modular square root, contains a
bug that can cause it to loop forever for non-prime moduli. Internally this
function is used when parsing certificates that contain elliptic curve public
keys in compressed form or explicit elliptic curve parameters with a base point
encoded in compressed form. It is possible to trigger the infinite loop by
crafting a certificate that has invalid explicit curve parameters. Since
certificate parsing happens prior to verification of the certificate signature,
any process that parses an externally supplied certificate may thus be subject
to a denial of service attack. The infinite loop can also be reached when
parsing crafted private keys as they can contain explicit elliptic curve
parameters. Thus vulnerable situations include: - TLS clients consuming server
certificates - TLS servers consuming client certificates - Hosting providers
taking certificates or private keys from customers - Certificate authorities
parsing certification requests from subscribers - Anything else which parses
ASN.1 elliptic curve parameters Also any other applications that use the
BN_mod_sqrt() where the attacker can control the parameter values are
vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is
not parsed during initial parsing of the certificate which makes it slightly
harder to trigger the infinite loop. However any operation which requires the
public key from the certificate will trigger the infinite loop. In particular
the attacker can use a self-signed certificate to trigger the loop during
verification of the certificate signature. This issue affects OpenSSL versions
1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on
the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in
OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected
1.0.2-1.0.2zc). (CVE-2022-0778)
Impact
BIG-IP (control plane)
This issue affects the Configuration utility (port 443) only when configured in
some non-default configurations. These configurations may include restricting
access to the Configuration utility using client certificates or accessing the
Configuration utility using password-less SSL client certificate
authentication, as documented in the following articles:
o K12042624: Restricting access to the Configuration utility using client
certificates
o K30030586: Accessing the Configuration utility using passwordless SSL
client certificate authentication
This issue also affects the BIG-IP ConfigSync and iQuery listener (port 4353),
when exposed, in all configurations.
BIG-IP (data plane)
This issue affects BIG-IP Client SSL only when configured to validate client
certificates (when 'Client Certificate' is set to 'require' or 'request') and
the client presents a maliciously crafted certificate, and Server SSL in all
configurations if the target server presents a maliciously crafted certificate.
BIG-IP (APM)
This issue affects BIG-IP APM components including, but not limited to, the APM
access profile's On-demand Cert Auth agent. In the On-demand Cert Auth agent,
the system dynamically initiates an SSL re-handshake and validates the received
client certificate.
Traffix
The RHEL installation may be vulnerable to a denial-of-service (DoS) attack.
For products with None in the Versions known to be vulnerable column, there is
no impact.
Security Advisory Status
F5 Product Development has assigned ID 1087201 (BIG-IP, BIG-IP APM), ID
1089357, 1089353 (BIG-IP Edge Client), ID 1089437 (F5OS), and SDC-1779
(Traffix) to this vulnerability. This issue has been classified as CWE-835:
Loop with Unreachable Exit Condition ('Infinite Loop').
To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.
Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x., 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the Applies to (see versions) box of this
article have reached the End of Technical Support (EoTS) phase of their
lifecycle and are no longer evaluated for security issues. For more
information, refer to the Security hotfixes section of K4602: Overview of the
F5 security vulnerability response policy.
+-----------+------+-----------+----------+-----------+------+----------------+
| | |Versions |Fixes | |CVSSv3|Vulnerable |
|Product |Branch|known to be|introduced|Severity |score^|component or |
| | |vulnerable^|in | |2 |feature |
| | |1 | | | | |
+-----------+------+-----------+----------+-----------+------+----------------+
| |17.x |None |17.0.0 | | | |
| +------+-----------+----------+ | | |
| |16.x |16.1.0 - |16.1.2.2 | | | |
| | |16.1.2 | | | | |
| +------+-----------+----------+ | | |
| |15.x |15.1.0 - |15.1.5.1 | | | |
| | |15.1.5 | | | |APM server |
| +------+-----------+----------+ | |components |
|BIG-IP |14.x |14.1.0 - |14.1.4.6 | | |including, but |
|(APM) | |14.1.4 | |High |7.5 |not limited to, |
| +------+-----------+----------+ | |the On-demand |
| |13.x |13.1.0 - |13.1.5 | | |Cert Auth agent |
| | |13.1.4 | | | | |
| +------+-----------+----------+ | | |
| |12.x |12.1.0 - |Will not | | | |
| | |12.1.6 |fix | | | |
| +------+-----------+----------+ | | |
| |11.x |11.6.1 - |Will not | | | |
| | |11.6.5 |fix | | | |
+-----------+------+-----------+----------+-----------+------+----------------+
| |17.x |None |17.0.0 | | | |
| +------+-----------+----------+ | | |
| |16.x |16.1.0 - |16.1.2.2 | | | |
| | |16.1.2 | | | | |
| +------+-----------+----------+ | | |
| |15.x |15.1.0 - |15.1.5.1 | | |Control plane: |
| | |15.1.5 | | | |httpd/OpenSSL |
| +------+-----------+----------+ | | |
|BIG-IP (all|14.x |14.1.0 - |14.1.4.6 | | |Data plane: |
|modules) | |14.1.4 | |High |7.5 |TMM (Client SSL |
| +------+-----------+----------+ | |and Server SSL |
| |13.x |13.1.0 - |13.1.5 | | |profiles) |
| | |13.1.4 | | | | |
| +------+-----------+----------+ | | |
| |12.x |12.1.0 - |Will not | | | |
| | |12.1.6 |fix | | | |
| +------+-----------+----------+ | | |
| |11.x |11.6.1 - |Will not | | | |
| | |11.6.5 |fix | | | |
+-----------+------+-----------+----------+-----------+------+----------------+
| |8.x |None |Not | | | |
|BIG-IQ | | |applicable|Not | | |
|Centralized+------+-----------+----------+vulnerable^|None |None |
|Management |7.x |None |Not |3 | | |
| | | |applicable| | | |
+-----------+------+-----------+----------+-----------+------+----------------+
| | |7.2.2 | | | | |
|BIG-IP Edge| |7.2.1.4 |7.2.2.1 | | | |
|Client |7.x |7.2.1 |7.2.1.5 |High |7.5 |OpenSSL |
| | |7.1.9 | | | | |
| | |7.1.5 | | | | |
+-----------+------+-----------+----------+-----------+------+----------------+
|F5OS-A |1.x |1.0.0 - |1.1.0 |High |7.5 |OpenSSL |
| | |1.0.1 | | | | |
+-----------+------+-----------+----------+-----------+------+----------------+
|F5OS-C |1.x |1.1.0 - |1.3.2 |High |7.5 |OpenSSL |
| | |1.3.1 | | | | |
+-----------+------+-----------+----------+-----------+------+----------------+
|Traffix SDC|5.x |5.2.0 |None |High |7.5 |RHEL OpenSSL |
| | |5.1.0 | | | | |
+-----------+------+-----------+----------+-----------+------+----------------+
^1F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.
^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.
^3The specified products contain the affected code. However, F5 identifies the
vulnerability status as Not vulnerable because the attacker cannot exploit the
code in default, standard, or recommended configurations.
Recommended Actions
Mitigation
The following mitigations are currently available. Additional mitigations may
become available in the future as this security advisory is investigated
further.
BIG-IP (control plane)
o Do not configure httpd for client-side certificate authentication in the
server as described in K12042624: Restricting access to the Configuration
utility using client certificates (13.x - 14.x) or K13981: Restricting
access to the Configuration utility using client certificates (11.x - 12.x)
. If client side certificates have been previously implemented, remove
them.
o Limit access to the ConfigSync and iQuery listener (TCP port 4353) to
trusted hosts only using controls defined externally to the BIG-IP device.
Note: While limiting to trusted hosts reduces the risk, it does not prevent
a man-in-the-middle attacker from impersonating a trusted endpoint in order
to exploit this vulnerability.
You can limit access to TCP port 4353 on the BIG-IP system through the
following methods:
Use controls defined externally to the BIG-IP device such as a network
firewall device.
Use the packet filtering functionality built into the BIG-IP system.
For more information, refer to K13383: Configure CIDR Network Addresses
for the BIG-IP packet filter.
Use firewall rules or iptables to restrict access from the management
interface. For more information, refer to K46122561: Restrict access to
the BIG-IP management interface using network firewall rules and
K69354049: Restricting access to the BIG-IP management interface for
Configuration Utility and iControl REST services using iptables.
Supplemental Information
o K41942608: Overview of AskF5 security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x - 17.x)
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYqLAU8kNZI30y1K9AQgGWBAArQQIiaqI8gaynyaruBfpV1Wia5DNzil9
CzxFlBXcmGgz/q9PD+EW5FZ+HsLRRDF7l/+hcsrXSUklLezT7PU8GLqJLg+3N+oQ
DApnMK8nKLcG4ZCqBGY3F7v/r93bNkTpxR/AT2Oj0k8l2oBi0L/Lyq6GxeZJfblF
gChgXvVBICEGzMcTvWAR42ly5INfswKiATvWsH6ngT4WguWB0EkiQE0WcEJxNeKA
3tlbSorLX6llPYR3WJhSI2obnbTuOQfKvWzq8BkmXjRdB0VO+++iD6bknyGPpoDw
TXC10OOoc90XIjzyK6D2CFHYSWyiLSjIruTdqkSBf1uWvWgttI807asxetcAkYEZ
BkXZi8CmZyFLWs0o6bcb+NR+QJt055mH4Hxyp9/ZQx0dbRFVniAUUsTLg8O1EcO/
hhI2y1KsUtCd/wsQCFIZ78exUpBoTS/WKe/cgHe5UQERj54DxsGcXimTks/i6gKa
jJdtpnsyTCFaSqEaihuEweOdCrMIS6tt8IP886Ban1ddzv9FFerJ1yD410HwU0cK
jpLJNndlMGzycSAGvyWZgvMCwTyTU/zX6HgHwuohz2q31zuOew0q4QRP5rSV6t8Y
6dg9iS/JjonnASEjnJjJhcjqwz50hlhNOo5LCXSGMTRXfZQzW1JDw4sD+N+ENbpS
y+wf6usJHX8=
=61Lt
-----END PGP SIGNATURE-----