Forum Discussion

Kuldeep22's avatar
Kuldeep22
Icon for Altostratus rankAltostratus
Apr 23, 2024

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Kindly guide me these vulnerabilities (CVE-2020-36363), (CVE-2016-0736), (CVE-2019-6593) -FOR VERSION BIGIP LTM-16.1. 4 are applicable or not.

Thank you

  • Hello Kuldeep22  Please see below the information that was found for your inquiry 

     

     

    1. CVE-2020-36363 : 

      This vulnerability is related to amazon AWS CloudFront TLSv1.2_2019 which allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.

      This is not related to F5 products. 

      2. CVE-2016-0736 : 

      F5 products are not affected by this vulnerability. Please refer the below article.

      K53437580: Apache vulnerabilities CVE-2016-0736 and CVE-2016-2161
      https://my.f5.com/manage/s/article/K53437580


      3. CVE-2019-6593 : 

      Currently your BIG IP is running on version 16.1.4 and this vulnerability is not affected to your BIG IP version.  Kindly go through the below article. 

      K10065173: TMM TLS virtual server vulnerability CVE-2019-6593
      https://my.f5.com/manage/s/article/K10065173