my.f5.com Open in urlscan Pro
35.158.127.53  Public Scan

Form analysis
1 forms found in the DOM

POST

<form id="fileUploadForm" enctype="multipart/form-data" method="post" target="fileUploadIframe"><input type="file" id="fileSelector" name="file" style="display: none;"><input name="filename" type="hidden"></form>

Text Content

Loading
×Sorry to interrupt
CSS Error

Refresh
Skip to content
 * ShowF5 SitesMenu
 * ShowContact F5Menu
 * ShowFREE TRIALSMenu
 * Under Attack ?

Open navigation menuMyF5
ShowHomeMenu
ShowSupportMenu

ShowMy Products & PlansMenu

ShowResourcesMenu

Open SearchSign In
ShowHomeMenu
ShowSupportMenu

ShowMy Products & PlansMenu

ShowResourcesMenu

 * ShowF5 SitesMenu
 * ShowContact F5Menu
 * ShowFREE TRIALSMenu
 * Under Attack ?


Security Advisory


ARCHIVED - K32485746: OPENSSH VULNERABILITY CVE-2016-10708

Published Date: Apr 11, 2018Updated Date: Jan 8, 2024
 * Download Article
 * Bookmark Article
 * Show social share buttons

AI Recommended Content
Toggle showing the products this article Evaluated products:


THIS ARTICLE HAS BEEN ARCHIVED AND IS NO LONGER MAINTAINED.


SECURITY ADVISORY DESCRIPTION

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service
(NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS
message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
(CVE-2016-10708)

Impact

This vulnerability allows a remote attacker to disrupt service.


SECURITY ADVISORY STATUS

F5 Product Development has assigned ID 712608 (BIG-IP), ID 712649 (BIG-IQ and F5
iWorkflow), ID 712648 (Enterprise Manager), and ID 431179 (ARX) to this
vulnerability. Additionally, BIG-IP iHealth may list Heuristic H32485746 on the
Diagnostics > Identified > Medium page.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases or hotfixes that
address the vulnerability, refer to the following table.

ProductBranchVersions known to be vulnerableFixes introduced inSeverityCVSSv3
score1Vulnerable component or featureBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM,
DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator,
WebSafe)15.xNoneNot applicableMedium5.3OpenSSH14.x14.0.0 -
14.0.114.1.013.x13.1.0 - 13.1.3None12.x12.1.0 - 12.1.5None11.x11.2.1 -
11.6.5NoneARX6.x6.2.0 - 6.4.0NoneMedium5.3OpenSSHEnterprise
Manager3.x3.1.1NoneMedium5.3OpenSSHBIG-IQ Centralized
Management8.xNone8.0.0Medium5.3OpenSSH7.x7.0.0 - 7.1.0None6.x6.0.0 -
6.1.0None5.x5.0.0 - 5.4.0None4.x4.6.0NoneBIG-IQ Cloud and
Orchestration1.x1.0.0NoneMedium5.3OpenSSHF5 iWorkflow2.x2.0.2 -
2.3.0NoneMedium5.3OpenSSHLineRate2.x2.5.0 - 2.6.2NoneMedium5.3OpenSSHTraffix
SDC5.x5.0.0 - 5.1.0NoneMedium5.3OpenSSH4.x4.0.5 - 4.4.0None

1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.


SECURITY ADVISORY RECOMMENDED ACTIONS

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed in
the Fixes introduced in column. If the table lists only an older version than
what you are currently running, or does not list a non-vulnerable version, then
no upgrade candidate currently exists.

Mitigation

None


RELATED CONTENT

 * K51812227: Understanding Security Advisory versioning
 * K41942608: Overview of Security Advisory articles
 * K4602: Overview of the F5 security vulnerability response policy
 * K4918: Overview of the F5 critical issue hotfix policy
 * K9502: BIG-IP hotfix and point release matrix
 * K13123: Managing BIG-IP product hotfixes (11.x - 13.x)
 * K15106: Managing BIG-IQ product hotfixes
 * K167: Downloading software and firmware from F5
 * K9970: Subscribing to email notifications regarding F5 products
 * K9957: Creating a custom RSS feed to view new and updated documents
 * K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems


AI RECOMMENDED CONTENT

 * Knowledge - K000135931: Contact F5 Support
 * Security Advisory - K000148495: libssh vulnerability CVE-2023-1667
 * Security Advisory - K05710614: BIG-IP HSB vulnerability CVE-2024-39778
 * Known Issue - K000148566: F5 rSeries systems may silently reboot after
   upgrading to F5OS-A 1.8.0

Return to Top



Contact Support

Live chat:AskF5
Have a Question?
 * Support and Sales ›

Follow Us
 * 
 * 
 * 
 * 
 * 

About F5
 * Corporate Information
 * Newsroom
 * Investor Relations
 * Careers
 * Contact Information
 * Communication Preferences

Education
 * Training
 * Certification
 * LearnF5
 * Free Online Training

F5 Sites
 * F5.com
 * DevCentral
 * MyF5
 * Partner Central
 * F5 Labs

Support Tasks
 * Read Support Policies
 * Create Support Case
 * Leave Feedback [+]

 * About F5
    * Corporate Information
    * Newsroom
    * Investor Relations
    * Careers
    * Contact Information
    * Communication Preferences

 * Education
    * Training
    * Certification
    * LearnF5
    * Free Online Training

 * F5 Sites
    * F5.com
    * DevCentral
    * MyF5
    * Partner Central
    * F5 Labs

 * Support Tasks
    * Read Support Policies
    * Create Support Case
    * Leave Feedback [+]

©2024 F5, Inc. All rights reserved.

 * Policies
 * Privacy
 * Trademarks
 * California Privacy
 * Do Not Sell My Personal Information
 * MyF5 Terms of Use
 * Cookie-Präferenzen
   Opens in a modal window

Wir respektieren Ihre Privatsphäre
Um Ihnen ein optimales Erlebnis bieten zu können, verwenden wir Technologien von
Drittanbietern, um die Ihnen angezeigten Inhalte zu personalisieren, und um
besser zu verstehen, welche Inhalte für Sie wichtig sind. Weitere Informationen
finden Sie in unserer Datenschutzerklärung.  
Einstellungen ändern Nein, danke Ich bin dabei



Loading