===========================================================================
             AUSCERT External Security Bulletin Redistribution

                             ESB-2022.1238.8
              K31323265: OpenSSL vulnerability CVE-2022-0778
                               10 June 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP (All Modules)
                   Traffix SDC
                   F5 OS
                   BIG-IP Edge Client
Publisher:         F5 Networks
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-0778

Original Bulletin:
   https://support.f5.com/csp/article/K31323265

Comment: CVSS (Max):  7.5 CVE-2022-0778 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: F5 Networks
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Revision History:  June  10 2022: Mail subject updated with the CVSS details
                   June  10 2022: Vendor updated the advisory
                   May    1 2022: PAN-OS fixed version PAN-OS 8.1.23 is added
                   April 26 2022: Vendor added BIG-IP Edge Client details
                   April 23 2022: Vendor added fix for BIG-IP
                   April 11 2022: Vendor added fix for BIG-IP 15.x
                   April  5 2022: Vendor added F5OS in the list of affected products
                   March 24 2022: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

K31323265: OpenSSL vulnerability CVE-2022-0778

Original Publication Date: 23 Mar, 2022
Latest   Publication Date: 07 Jun, 2022

Security Advisory Description

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.

Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.
Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.

Thus vulnerable situations include:

  - TLS clients consuming server certificates
  - TLS servers consuming client certificates
  - Hosting providers taking certificates or private keys from customers
  - Certificate authorities parsing certification requests from subscribers
  - Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue.

In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022.

Fixed in OpenSSL 3.0.2 (Affected 3.0.0, 3.0.1).
Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m).
Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

(CVE-2022-0778)

Impact

BIG-IP (control plane)

This issue affects the Configuration utility (port 443) only when configured in some non-default configurations.
These configurations may include restricting access to the Configuration utility using client certificates or accessing the Configuration utility using password-less SSL client certificate authentication, as documented in the following articles:

  o K12042624: Restricting access to the Configuration utility using client certificates
  o K30030586: Accessing the Configuration utility using passwordless SSL client certificate authentication

This issue also affects the BIG-IP ConfigSync and iQuery listener (port 4353), when exposed, in all configurations.

BIG-IP (data plane)

This issue affects BIG-IP Client SSL only when configured to validate client certificates (when 'Client Certificate' is set to 'require' or 'request') and the client presents a maliciously crafted certificate, and Server SSL in all configurations if the target server presents a maliciously crafted certificate.

BIG-IP (APM)

This issue affects BIG-IP APM components including, but not limited to, the APM access profile's On-demand Cert Auth agent. In the On-demand Cert Auth agent, the system dynamically initiates an SSL re-handshake and validates the received client certificate.

Traffix

The RHEL installation may be vulnerable to a denial-of-service (DoS) attack.

For products with None in the Versions known to be vulnerable column, there is no impact.

Security Advisory Status

F5 Product Development has assigned ID 1087201 (BIG-IP, BIG-IP APM), ID 1089357, 1089353 (BIG-IP Edge Client), ID 1089437 (F5OS), and SDC-1779 (Traffix) to this vulnerability. This issue has been classified as CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop').

To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to all subsequent maintenance and point releases for that branch, and no additional fixes for that branch will be listed in the table. For example, when a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all later 14.1.x releases (14.1.3.x, 14.1.4.x). For more information, refer to K51812227: Understanding security advisory versioning.

Additionally, software versions preceding those listed in the Applies to (see versions) box of this article have reached the End of Technical Support (EoTS) phase of their lifecycle and are no longer evaluated for security issues. For more information, refer to the Security hotfixes section of K4602: Overview of the F5 security vulnerability response policy.
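
The description above ties the infinite loop to explicit elliptic curve parameters. As an added example (not code from F5, AusCERT or OpenSSL), this Python check walks a DER blob without decoding any key material and reports whether each id-ecPublicKey AlgorithmIdentifier carries a named-curve OID or explicit parameters, so a certificate or key intake service can refuse the latter before a TLS library parses them. The function names and the stub sample bytes are assumptions made for this example; SEC1 "EC PRIVATE KEY" files, which carry their parameters under a context tag, are not covered.

```python
# Added example: classify EC curve parameters in DER before OpenSSL parses the key.
EC_PUBKEY_OID = bytes.fromhex("2a8648ce3d0201")  # 1.2.840.10045.2.1 (id-ecPublicKey)
KINDS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}  # ECParameters CHOICE tags

# Constructed sample inputs (stub SubjectPublicKeyInfo values, not real keys).
NAMED_SPKI = bytes.fromhex("3019" "3013" "06072a8648ce3d0201"
                           "06082a8648ce3d030107" "03020004")   # prime256v1 OID
EXPLICIT_SPKI = bytes.fromhex("3014" "300e" "06072a8648ce3d0201"
                              "3003020101" "03020004")           # SEQUENCE params

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers not supported")
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER length exceeds enclosing element")
    return tag, pos, pos + length

def ec_param_kinds(der, start=0, end=None, depth=0):
    """List the parameter kind of every id-ecPublicKey AlgorithmIdentifier found."""
    end = len(der) if end is None else end
    if depth > 32:
        raise ValueError("DER nesting too deep")
    kinds, pos = [], start
    while pos < end:
        tag, vs, ve = read_tlv(der, pos, end)
        if tag == 0x30 and vs < ve:
            t1, a, b = read_tlv(der, vs, ve)
            if t1 == 0x06 and der[a:b] == EC_PUBKEY_OID:
                kinds.append(KINDS.get(der[b], "other") if b < ve else "absent")
        if tag & 0x20:  # constructed: descend into children
            kinds += ec_param_kinds(der, vs, ve, depth + 1)
        pos = ve
    return kinds

def is_acceptable(der):
    """Policy: refuse unparsable input and any EC key not on a named curve."""
    try:
        return all(kind == "named" for kind in ec_param_kinds(der))
    except ValueError:
        return False
```

Rejecting explicit parameters is consistent with RFC 5480, which does not permit them in PKIX certificates; the check complements, and does not replace, moving to the fixed versions in the table below.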

+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|Product      |Branch|Versions known |Fixes         |Severity     |CVSSv3  |Vulnerable component or   |
|             |      |to be          |introduced in |             |score^2 |feature                   |
|             |      |vulnerable^1   |              |             |        |                          |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|             |17.x  |None           |17.0.0        |             |        |                          |
|             +------+---------------+--------------+             |        |                          |
|             |16.x  |16.1.0 - 16.1.2|16.1.2.2      |             |        |                          |
|             +------+---------------+--------------+             |        |                          |
|             |15.x  |15.1.0 - 15.1.5|15.1.5.1      |             |        |APM server components     |
|             +------+---------------+--------------+             |        |including, but not limited|
|BIG-IP (APM) |14.x  |14.1.0 - 14.1.4|14.1.4.6      |High         |7.5     |to, the On-demand Cert    |
|             +------+---------------+--------------+             |        |Auth agent                |
|             |13.x  |13.1.0 - 13.1.4|13.1.5        |             |        |                          |
|             +------+---------------+--------------+             |        |                          |
|             |12.x  |12.1.0 - 12.1.6|Will not fix  |             |        |                          |
|             +------+---------------+--------------+             |        |                          |
|             |11.x  |11.6.1 - 11.6.5|Will not fix  |             |        |                          |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|             |17.x  |None           |17.0.0        |             |        |                          |
|             +------+---------------+--------------+             |        |                          |
|             |16.x  |16.1.0 - 16.1.2|16.1.2.2      |             |        |                          |
|             +------+---------------+--------------+             |        |Control plane:            |
|             |15.x  |15.1.0 - 15.1.5|15.1.5.1      |             |        |httpd/OpenSSL             |
|             +------+---------------+--------------+             |        |                          |
|BIG-IP (all  |14.x  |14.1.0 - 14.1.4|14.1.4.6      |High         |7.5     |Data plane: TMM (Client   |
|modules)     +------+---------------+--------------+             |        |SSL and Server SSL        |
|             |13.x  |13.1.0 - 13.1.4|13.1.5        |             |        |profiles)                 |
|             +------+---------------+--------------+             |        |                          |
|             |12.x  |12.1.0 - 12.1.6|Will not fix  |             |        |                          |
|             +------+---------------+--------------+             |        |                          |
|             |11.x  |11.6.1 - 11.6.5|Will not fix  |             |        |                          |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|BIG-IQ       |8.x   |None           |Not applicable|Not          |        |                          |
|Centralized  +------+---------------+--------------+vulnerable^3 |None    |None                      |
|Management   |7.x   |None           |Not applicable|             |        |                          |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|             |      |7.2.2          |              |             |        |                          |
|BIG-IP Edge  |      |7.2.1.4        |7.2.2.1       |             |        |                          |
|Client       |7.x   |7.2.1          |7.2.1.5       |High         |7.5     |OpenSSL                   |
|             |      |7.1.9          |              |             |        |                          |
|             |      |7.1.5          |              |             |        |                          |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|F5OS-A       |1.x   |1.0.0 - 1.0.1  |1.1.0         |High         |7.5     |OpenSSL                   |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|F5OS-C       |1.x   |1.1.0 - 1.3.1  |1.3.2         |High         |7.5     |OpenSSL                   |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+
|Traffix SDC  |5.x   |5.2.0          |None          |High         |7.5     |RHEL OpenSSL              |
|             |      |5.1.0          |              |             |        |                          |
+-------------+------+---------------+--------------+-------------+--------+--------------------------+

^1 F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

^3 The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.

Recommended Actions

Mitigation

The following mitigations are currently available. Additional mitigations may become available in the future as this security advisory is investigated further.

BIG-IP (control plane)

  o Do not configure httpd for client-side certificate authentication in the server as described in K12042624: Restricting access to the Configuration utility using client certificates (13.x - 14.x) or K13981: Restricting access to the Configuration utility using client certificates (11.x - 12.x). If client side certificates have been previously implemented, remove them.
  o Limit access to the ConfigSync and iQuery listener (TCP port 4353) to trusted hosts only using controls defined externally to the BIG-IP device.

    Note: While limiting to trusted hosts reduces the risk, it does not prevent a man-in-the-middle attacker from impersonating a trusted endpoint in order to exploit this vulnerability.

    You can limit access to TCP port 4353 on the BIG-IP system through the following methods:

      - Use controls defined externally to the BIG-IP device such as a network firewall device.
      - Use the packet filtering functionality built into the BIG-IP system. For more information, refer to K13383: Configure CIDR Network Addresses for the BIG-IP packet filter.
      - Use firewall rules or iptables to restrict access from the management interface. For more information, refer to K46122561: Restrict access to the BIG-IP management interface using network firewall rules and K69354049: Restricting access to the BIG-IP management interface for Configuration Utility and iControl REST services using iptables.

Supplemental Information

  o K41942608: Overview of AskF5 security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K8986: F5 software lifecycle policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 17.x)
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================