Hotfix Release Information

Version: BIG-IP-11.6.0
Build: 442.204
Hotfix Rollup: 6
Engineering Hotfix: 204

Cumulative fix details for BIG-IP v11.6.0 Hotfix 6, Engineering Hotfix 204 that are included in this release:

--------------------------------------------------------------------------------------

ID: 569467-3

Description: CVE-2016-2084 Cloud image vulnerability

Symptoms: There is an issue with regenerating certificates and keys when deploying BIG-IP cloud images in Amazon Web Services (AWS) and Azure cloud services environments. (CVE-2016-2084 - reserved). Note: CVE-2016-2084 impacts only BIG-IP AWS and Azure cloud deployments; it does not impact other cloud environments, BIG-IP hardware, hypervisor-based Virtual Edition (VE), or vCMP (host or guest) deployments.

Conditions: BIG-IP AWS and Azure cloud instances do not properly regenerate certificates and keys when launched in those environments, resulting in multiple instances sharing the same certificates and keys. To exploit this vulnerability, an attacker would first need to obtain a copy of the configuration of the target instance containing encrypted information, and requires an in-depth knowledge of TMOS internals.

Impact: A successful attack could potentially result in disruption of services and/or information leakage from the exploited BIG-IP instance in AWS and Azure cloud environments. There are no known public exploits at this time.

Workaround: See SOL11772107 on SOL11772107: BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084.

Fix: See SOL11772107 on SOL11772107: BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084 for detailed information.

--------------------------------------------------------------------------------------

Copyright F5 Networks (2016) - All Rights Reserved