The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132946 advisory.

    The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected.(CVE-2023-0215)

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

F5 Networks BIG-IP : OpenSSL vulnerability (K000132946)

critical Nessus Plugin ID 177564

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Mar 27, 2025, 11:10 AM CVSS metrics ("Cvssv4 score" set to 9.3) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N") Detection (updated detection logic) Plugin metadata Plugin Feed: 202503271110
Version 1.4 Feb 1, 2024, 11:53 PM Plugin metadata Plugin Feed: 202402012353
Version 1.3 Dec 5, 2023, 6:24 AM Detection (updated detection logic) Plugin Feed: 202312050624
Version 1.2 Aug 31, 2023, 8:12 AM Detection Plugin Feed: 202308310812
Version 1.2 Dec 5, 2023, 4:24 AM Detection (updated detection logic) Plugin Feed: 202312050424
Version 1.1 Aug 18, 2023, 2:03 PM Detection Plugin Feed: 202308181403
Version 1.0 Jun 23, 2023, 6:06 PM New Plugin Feed: 202306231806