F5 Networks BIG-IP : Intel processor vulnerabilities (K41043270)

medium Nessus Plugin ID 154689

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of F5 Networks BIG-IP installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K41043270 advisory.

CVE-2021-0086
Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVE-2021-0089
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Impact

All versions of Virtual Edition (VE) for the BIG-IP and BIG-IQ products are potentially impacted if the processors underlying the VE installations are affected. Microcode updates from Intel are available to address this issue but must be applied at the hardware level, which is outside the scope of the ability of F5 to support or patch.

This hardware issue impacts all the BIG-IP, BIG-IQ, VIPRION, and VELOS platforms using the following Intel Xeon processor families:

Ivy Bridge EP
Sandy Bridge EP
Ivy Bridge
Sandy Bridge
Haswell E
Broadwell
Skylake-D

The following BIG-IP, BIG-IQ, VIPRION, and VELOS platforms are vulnerable:

A112 VIPRION Blade 2250
A114 VIPRION Blade 4450
A118 VELOS Blade BX110
C109 BIG-IP 5000s, 5200v, 5050s, 5250v, 5250v-F
C115 BIG-IP iSeries i4600, i4800
C116 BIG-IP iSeries i10600, i10600-D, i10800, i10800-D
C117 BIG-IP iSeries i850, i2600, i2800
C118 BIG-IP iSeries i7600, i7600-D, i7800, i7800-D
C119 BIG-IP iSeries i5600, i5800
C123 BIG-IP iSeries i11600, i11800
C124 BIG-IP iSeries i11400-DS, i11600-DS, i11800-DS
C125 BIG-IP iSeries i5820-DF
C126 BIG-IP iSeries i7820-DF
D110 BIG-IP 7000s, 7200v, 7200s-SSL, 7200v-FIPS, 7050s, 7250v, 7055s, 7255s
D110 BIG-IQ 7000
D111 BIG-IP 12250v
D112 BIG-IP 10350v, 10150s-N, 10350v-N, 10350v-F
D113 BIG-IP 10000s, 10200v, 10200v-SSL, 10200v-FIPS, 10050s, 10250v, 10055s, 10255v
D116 BIG-IP iSeries i15600, i15800
E102 BIG-IP 11050 NEBS

The following BIG-IP and VIPRION platforms are not vulnerable:

A107 VIPRION Blade 4200
A108 VIPRION Blade 4300
A109 VIPRION Blade 2100
A110 VIPRION Blade 4340
A111 VIPRION Blade 4200N
A113 VIPRION Blade 2150
C102 BIG-IP 1600, 1600 LC
C103 BIG-IP 3600
C106 BIG-IP 3900
C112 BIG-IP 2000s, 2200s
C113 BIG-IP 4000s, 4200v
C114 BIG-IP 800
D104 BIG-IP 6900, 6900s, 6900 FIPS
D106 BIG-IP 8900, 8900 FIPS
D107 BIG-IP 8950, 8950s
E101 BIG-IP 11000, 11000 FIPS
E102 BIG-IP 11050 FIPS
E102 BIG-IP 11050

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

The vendor has acknowledged the vulnerability, but no solution has been provided.
Refer to the vendor for remediation guidance.

See Also

https://my.f5.com/manage/s/article/K41043270

Plugin Details

Severity: Medium

ID: 154689

File Name: f5_bigip_SOL41043270.nasl

Version: 1.8

Type: local

Published: 10/28/2021

Updated: 3/27/2025

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-0089

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_irules_lx, cpe:/h:f5:big-ip_protocol_security_manager, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_ssl_orchestrator, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/h:f5:big-ip, cpe:/a:f5:big-ip_iapps_lx, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_application_security_manager

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/9/2021

Reference Information

CVE: CVE-2021-0086, CVE-2021-0089