sol14190: TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
Security Advisory

Original Publication Date: 02/08/2013
Updated Date: 09/28/2016

Vulnerability Description

A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. (CVE-2013-0169)

Note: Stream ciphers, such as RC4, are not vulnerable to this issue.

Impact

The vulnerability may allow an attacker to recover plaintext from TLS/DTLS connections.

Security Issue Status

F5 Product Development has assigned ID 580596 and ID 407706 (BIG-IP), ID 594397 (BIG-IQ), ID 594400 (Enterprise Manager), ID 410613 (FirePass), and ID 410742 (ARX) to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Each entry below gives the product and the vulnerable component or feature (in parentheses), followed by the versions known to be vulnerable and the versions known to be not vulnerable.

BIG-IP LTM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1, 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP LTM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10, 11.2.1 - 11.2.1 HF15, 10.0.0 - 10.2.4
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11, 11.2.1 HF16

BIG-IP AAM (vulnerable component: None)
  Versions known to be vulnerable: None
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1

BIG-IP AAM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11

BIG-IP AFM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1, 11.3.0 HF2

BIG-IP AFM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11

BIG-IP Analytics (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1, 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5

BIG-IP Analytics (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10, 11.2.1 - 11.2.1 HF15
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11, 11.2.1 HF16

BIG-IP APM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1, 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP APM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10, 11.2.1 - 11.2.1 HF15, 10.0.0 - 10.2.4
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11, 11.2.1 HF16

BIG-IP ASM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1, 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP ASM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10, 11.2.1 - 11.2.1 HF15, 10.0.0 - 10.2.4
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11, 11.2.1 HF16

BIG-IP DNS (Configuration utility)
  Versions known to be vulnerable: None
  Versions known to be not vulnerable: 12.0.0 - 12.1.1

BIG-IP Edge Gateway (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP Edge Gateway (SSL/TLS virtual servers)
  Versions known to be vulnerable: 11.3.0, 11.2.1 - 11.2.1 HF15, 10.2.1 - 10.2.4
  Versions known to be not vulnerable: 11.2.1 HF16

BIG-IP GTM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 11.4.0 - 11.6.1, 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP Link Controller (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1, 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP Link Controller (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10, 11.2.1 - 11.2.1 HF15, 10.0.0 - 10.2.4
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11, 11.2.1 HF16

BIG-IP PEM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1
  Versions known to be not vulnerable: 12.0.0 - 12.1.1, 11.4.0 - 11.6.1, 11.3.0 HF2

BIG-IP PEM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 12.1.0 - 12.1.0 HF1, 12.0.0 - 12.0.0 HF3, 11.6.1, 11.6.0 - 11.6.0 HF7, 11.5.2 - 11.5.4 HF1, 11.5.1 - 11.5.1 HF10, 11.4.1 - 11.4.1 HF10
  Versions known to be not vulnerable: 12.1.1, 12.1.0 HF2, 12.0.0 HF4, 11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF2, 11.5.1 HF11, 11.4.1 HF11

BIG-IP PSM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 11.4.0 - 11.4.1, 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP PSM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 11.3.0, 11.2.1 - 11.2.1 HF15, 10.2.1 - 10.2.4
  Versions known to be not vulnerable: 11.2.1 HF16

BIG-IP WebAccelerator (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP WebAccelerator (SSL/TLS virtual servers)
  Versions known to be vulnerable: 11.3.0, 11.2.1 - 11.2.1 HF15, 10.2.1 - 10.2.4
  Versions known to be not vulnerable: 11.2.1 HF16

BIG-IP WOM (Configuration utility)
  Versions known to be vulnerable: 11.3.0 - 11.3.0 HF1, 11.2.1 - 11.2.1 HF3, 11.2.0 - 11.2.0 HF3, 11.1.0 - 11.1.0 HF5, 11.0.0 - 11.0.0 HF4, 10.0.0 - 10.2.4 HF4
  Versions known to be not vulnerable: 11.3.0 HF2, 11.2.1 HF4, 11.2.0 HF4, 11.1.0 HF6, 11.0.0 HF5, 10.2.4 HF6

BIG-IP WOM (SSL/TLS virtual servers)
  Versions known to be vulnerable: 11.3.0, 11.2.1 - 11.2.1 HF15, 10.2.1 - 10.2.4
  Versions known to be not vulnerable: 11.2.1 HF16

ARX (ARX Manager GUI; API (disabled by default))
  Versions known to be vulnerable: 6.0.0 - 6.4.0, 5.0.0 - 5.3.1
  Versions known to be not vulnerable: None

Enterprise Manager (Configuration utility)
  Versions known to be vulnerable: 3.0.0 - 3.1.1, 2.0.0 - 2.3.0, 1.6.0 - 1.8.0
  Versions known to be not vulnerable: None

FirePass (Administrative interface; WebServices)
  Versions known to be vulnerable: 7.0.0, 6.0.0 - 6.1.0
  Versions known to be not vulnerable: None

BIG-IQ Cloud (TMM)
  Versions known to be vulnerable: 4.0.0 - 4.5.0
  Versions known to be not vulnerable: None

BIG-IQ Device (TMM)
  Versions known to be vulnerable: 4.2.0 - 4.5.0
  Versions known to be not vulnerable: None

BIG-IQ Security (TMM)
  Versions known to be vulnerable: 4.0.0 - 4.5.0
  Versions known to be not vulnerable: None

BIG-IQ ADC (TMM)
  Versions known to be vulnerable: 4.5.0
  Versions known to be not vulnerable: None

BIG-IQ Centralized Management (TMM)
  Versions known to be vulnerable: 5.0.0
  Versions known to be not vulnerable: None

BIG-IQ Cloud and Orchestration (TMM)
  Versions known to be vulnerable: 1.0.0
  Versions known to be not vulnerable: None

Vulnerability Recommended Actions

BIG-IP

The following section describes affected BIG-IP components and how to protect those components from potential exploit.

Mitigating the exploit for the MGMT interface and the Configuration utility

The BIG-IP Configuration utility is vulnerable. To mitigate potential exploit, F5 recommends that you limit network access to the management (MGMT) interface to a secure, management-only network.

You can change the default cipher string for the BIG-IP Configuration utility. For example, to change the cipher string for the Configuration utility to use the RC4-SHA cipher, refer to the following commands:

BIG-IP 10.x - 11.x

tmsh modify /sys httpd ssl-ciphersuite RC4-SHA

Mitigating the exploit for SSL/TLS virtual servers

To mitigate potential exploit for SSL/TLS virtual servers, you can configure the SSL profile to prefer non-CBC ciphers. To do so, perform the following steps:

Impact of workaround: Changing the ciphers supported by the SSL profile may result in clients being unable to establish an SSL connection.

  1. Log in to the Configuration utility.
  2. Navigate to Local Traffic > Profiles.
  3. In the SSL list, choose Client.
  4. Click Create.
  5. Type a name for the SSL profile.
  6. In the Parent Profile list, choose clientssl.
  7. In the Configuration list, choose Advanced.
  8. Click the Custom box for Ciphers.
  9. From the Ciphers box, delete the DEFAULT cipher string.
  10. In the Ciphers box, enter the desired cipher string.

    For BIG-IP 11.5.0 and later, configure the cipher string to prefer non-CBC ciphers. For example, the following string configures the SSL profile to prefer AES-GCM ciphers first, then RC4-SHA ciphers, before resorting to the DEFAULT string, which contains CBC ciphers:

    AES-GCM:RC4-SHA:DEFAULT

    For BIG-IP 11.4.0 and earlier, the following cipher string configures the SSL profile to prefer RC4-SHA before resorting to the DEFAULT string, which contains CBC ciphers:

    RC4-SHA:DEFAULT

  11. Click Finished.
  12. You must now associate the SSL profile with the virtual server.
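As an added example (not F5 code and not part of this advisory), the following Python script models the ordering rule that both cipher-string mitigations above depend on, for the Configuration utility's ssl-ciphersuite value as much as for the SSL profile: keywords expand left to right, a suite keeps the position of its first appearance, and with the server's preference order applied a client is offered the first suite in that order that it also supports. It audits the two strings given in step 10 and DEFAULT alone. The cipher catalogue in CIPHER_GROUPS is constructed for illustration and is an assumption, not the BIG-IP cipher table (which varies by release); in particular the order of suites inside DEFAULT is assumed, the advisory only states that DEFAULT contains CBC ciphers. Verify a real string with the cipher tooling of your release before applying it.

```python
"""Audit the preference order of a BIG-IP-style cipher string for CBC exposure.

Added example for this advisory; not F5 code. It models the ordering rule the
advisory describes (keywords expand left to right, first occurrence wins) over
a constructed cipher catalogue; the real BIG-IP cipher table is release dependent.
"""
from __future__ import annotations

# Constructed catalogue (assumption, not the BIG-IP cipher table). Each keyword
# expands in order to the suites listed. Mode is what matters for CVE-2013-0169:
# CBC suites are exposed; GCM (AEAD) and RC4 (stream) are not.
CIPHER_GROUPS: dict[str, list[tuple[str, str]]] = {
    "AES-GCM": [
        ("ECDHE-RSA-AES128-GCM-SHA256", "GCM"),
        ("ECDHE-RSA-AES256-GCM-SHA384", "GCM"),
        ("AES128-GCM-SHA256", "GCM"),
        ("AES256-GCM-SHA384", "GCM"),
    ],
    "RC4-SHA": [("RC4-SHA", "STREAM")],
    # DEFAULT is assumed here to list CBC suites first; the advisory only says
    # that it "contains CBC ciphers".
    "DEFAULT": [
        ("ECDHE-RSA-AES128-SHA", "CBC"),
        ("ECDHE-RSA-AES256-SHA", "CBC"),
        ("AES128-SHA", "CBC"),
        ("AES256-SHA", "CBC"),
        ("DES-CBC3-SHA", "CBC"),
        ("ECDHE-RSA-AES128-GCM-SHA256", "GCM"),
        ("AES128-GCM-SHA256", "GCM"),
        ("RC4-SHA", "STREAM"),
    ],
}


def expand(cipher_string: str) -> list[tuple[str, str]]:
    """Expand 'KEY1:KEY2:...' into an ordered, de-duplicated suite list.

    A suite keeps the position of its first appearance, so a CBC suite pulled
    in by DEFAULT cannot move ahead of a GCM suite already listed by AES-GCM.
    """
    order: list[tuple[str, str]] = []
    seen: set[str] = set()
    for keyword in cipher_string.split(":"):
        keyword = keyword.strip()
        if not keyword:
            continue
        if keyword not in CIPHER_GROUPS:
            raise ValueError(f"unknown cipher keyword: {keyword}")
        for name, mode in CIPHER_GROUPS[keyword]:
            if name not in seen:
                seen.add(name)
                order.append((name, mode))
    return order


def audit(cipher_string: str) -> dict:
    """Report how the string ranks CBC suites relative to the rest.

    With server-side preference, a client gets the first suite in this order
    that it also supports, so a non-CBC suite sitting below the first CBC
    suite only helps clients that lack every CBC suite above it.
    """
    order = expand(cipher_string)
    modes = [mode for _, mode in order]
    first_cbc = modes.index("CBC") if "CBC" in modes else None
    buried = [] if first_cbc is None else [
        name for name, mode in order[first_cbc:] if mode != "CBC"
    ]
    return {
        "order": [name for name, _ in order],
        "preferred_mode": modes[0] if modes else None,
        "first_cbc_index": first_cbc,
        "non_cbc_suites_below_cbc": buried,
        "all_non_cbc_ahead_of_cbc": not buried,
    }


if __name__ == "__main__":
    for cs in ("DEFAULT", "RC4-SHA:DEFAULT", "AES-GCM:RC4-SHA:DEFAULT"):
        report = audit(cs)
        print(f"{cs:28} preferred={report['preferred_mode']:6} "
              f"first_cbc={report['first_cbc_index']} "
              f"buried={report['non_cbc_suites_below_cbc']}")
```

The non_cbc_suites_below_cbc list is the point of the check: under RC4-SHA:DEFAULT a client that offers GCM but not RC4 still negotiates a CBC suite, because in this catalogue the GCM suites are reached only through DEFAULT, after the CBC entries, whereas AES-GCM:RC4-SHA:DEFAULT leaves nothing non-CBC buried. The classification covers only the CBC-mode exposure this advisory addresses; RC4 has since been prohibited for TLS by RFC 7465, so on releases that support AEAD suites, listing those first is the durable choice.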

FirePass

To protect the FirePass Controller Administrator interface from potential exploit, perform the following procedure:

Changing the cipher string for the FirePass Administrator interface

Impact of procedure: Changing the cipher string may prevent some connections to the Administrator interface.

  1. Log in to the FirePass Administrator interface.
  2. Navigate to Device Management > Security > User Access Security page > SSL Cipher Security.
  3. Click Medium-Grade Security.
  4. Click Apply.

Enterprise Manager

To protect the Enterprise Manager Configuration utility from potential exploit, F5 recommends that you limit network access to the MGMT interface to a secure, management-only network.

You can also change the default cipher string for the Enterprise Manager Configuration utility. For example, to change the cipher string for the Configuration utility to use the RC4-SHA cipher, refer to the following commands:

Enterprise Manager 3.x

tmsh modify /sys httpd ssl-ciphersuite RC4-SHA

Enterprise Manager 2.x

bigpipe httpd sslciphersuite RC4-SHA

ARX

The following section describes how to protect the ARX Manager GUI from potential exploit (6.2.0 and later).

Changing the ARX Manager GUI cipher string (6.2.0 and later)

Impact of procedure: Changing the cipher string may prevent some connections to the ARX Manager GUI.

  1. Log in to the ARX CLI.
  2. Enable privileged mode by typing the following command:

    enable

  3. Enable config mode by typing the following command:

    config

  4. Enter ssl mode by typing the following command:

    ssl

  5. Change the cipher string by typing the following command:

    cipher ssl-rsa-with-rc4-128-sha

  6. Exit the menu by typing the following command:

    end

Acknowledgements

F5 would like to acknowledge Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group Royal Holloway, University of London for bringing this issue to our attention, and for following the highest standards of responsible disclosure.
