Forum Discussion

samphas's avatar
samphas
Icon for Nimbostratus rankNimbostratus
Jul 25, 2023
Solved

Seek to check CVE database and recently release in F5 firewall

Dear alls,

I writing this to seek assist to check the CVE databse and recently relecase in F5 firewall. Where can I find it in F5 firewall. 

Thanks,

Samphas

security
  • Heath_Parrott's avatar
    Heath_Parrott
    Jul 25, 2023

    If you are looking to see if a WAF signature has been updates for a CVE to protect your applications - please see this KB - https://my.f5.com/manage/s/article/K62525205.  If you are wondering if BIG-IP software is exposed to a CVE start be searching the F5 support database at my.f5.com or follow the QKVIEW / ihealth path mentioned by whisperer.

4 Replies

Sort By
  • Heath_Parrott's avatar
    Heath_Parrott
    Icon for Employee rankEmployee
    Jul 25, 2023

    If you are looking to see if a WAF signature has been updates for a CVE to protect your applications - please see this KB - https://my.f5.com/manage/s/article/K62525205.  If you are wondering if BIG-IP software is exposed to a CVE start be searching the F5 support database at my.f5.com or follow the QKVIEW / ihealth path mentioned by whisperer.

    • samphas's avatar
      samphas
      Icon for Nimbostratus rankNimbostratus
      Aug 17, 2023

      How is F5 firewall in customer on-premise got new IPS sinagature update?

  • whisperer's avatar
    whisperer
    Icon for MVP rankMVP
    Jul 25, 2023

    First, the F5 is not a firewall. Now, that said... there are always CVEs with any product, application delivery controller, firewall, DNS appliance, etc. Hackers will find workarounds, and developers will introduce bugs due to lack of sleep and long night programming. That is the nature of the game and the business.

    That said, what version of BIG-IP are you running? You can check open CVEs by uploading a QKView to the F5 iHealth website. This can be used to figure out how important the issue is and how it can be mitigated either by configuration change or eligible available software release:

    https://my.f5.com/manage/s/article/K12878

    Finally, you can also look at the release notes for the F5 BIG-IP software on the downloads page to see what newer software resolves.

     

    • AubreyKingF5's avatar
      AubreyKingF5
      Icon for Admin rankAdmin
      Jul 26, 2023

      Great data.

      My only comment would be that many F5 BIG-IP software devices are definitely firewalls now. I have designed clusters of SP firewalls on VE that scale to 64M PPS per pop, geoscaled by Anycast with absolutely no load balancing involved. The provider referred to it as "Infinite Scale Security". I've designed a massive enterprise VIPRION pair that take 4 inbound 100 Gbps pipes and run DDoS and WAF only for a consolidated back-end DMZ with PA / Cisco firewalls as a firewall for the firewalls before any load balancing (besides inbound link LB) happens anywhere. It's been rock solid for 8 years. No outages since implemented.

      I would argue that F5 *IS* a firewall and a formidable one, at that. My last 6 years selling here, 100% of my designs for service provider were AFM / ASM. Some GTM, some LTM, but all of them had AFM or ASM deployed.