Security Advisory - F5 Automatic Update Vuln of 29 April 2015

Learning Security Advisory - F5 Automatic Update Vulnerability

Release Date

2015-04-29

Last Update

2015-05-16

Solution Status

Patched

Description

A vulnerability was discovered in F5's BIG-IP software that could allow a man-in-the-middle (MITM) attack on the software's Auto Update feature. The MITM could potentially upload malicious software updates to devices running vulnerable copies of BIG-IP.

Level

Severe

Impact

Allows installation of unauthorized software updates to production PowerSchool Learning servers.

Systems Affected

Haiku Learning

Summary: On April 29th, 2015, F5 released an advisory regarding a man-in-the-middle vulnerability in their software's auto update feature. In response, the Learning Security Team temporarily disabled the auto update feature on all of our F5 devices. On May 15th, 2015, we installed a patched version of the BIG-IP software on our F5 devices, which resolves this vulnerability, and have now re-enabled auto updates.

Status: All systems are patched as of 2015-05-15.