Attacker Value
(1 user assessed)
Very Low
(1 user assessed)
User Interaction
Privileges Required
Attack Vector


Last updated June 05, 2020
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.


** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Add Assessment

Technical Analysis

BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a virtual server configured with a Client SSL profile, and using Anonymous Diffie-Hellman (ADH) or Ephemeral Diffie-Hellman (DHE) key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/Transport Layer Security (TLS) handshakes that may result with a pre-master secret (PMS) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Differences in processing time when the PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.

Thats a lot to take in …
A recent research study identified a timing attack against TLS that could be used to recover a shared secret that could then be used to recover plaintext of previously captured data.

In order to be successful outside of a testing environment, an attacker would need to intercept encrypted traffic and then send specially crafted TLS packets to a vulnerable server in the hopes of recovering enough data to decrypt the previously intercepted traffic.


This vulnerability affects BIG-IP systems with virtual servers associated with a Client SSL profile under the following conditions:

  • You are using ADH or DHE key exchange in the Client SSL profile.

    • Note: DHE is enabled by default in the DEFAULT cipher suite. ADH is not available in the DEFAULT cipher suite.
  • You have not enabled the Single Diffie-Hellman use option—or Single DH use option—in the Client SSL profile.

    • Note: The Single DH use option is not enabled by default in the Client SSL profile options list.
  • Your BIG-IP platform has a Cavium Nitrox SSL hardware acceleration card installed. Platforms with this installed include:

    • BIG-IP i11400-DS, i11600-DS, i11800-DS
    • BIG-IP 1600, 3600, 3900, 5000, 6900, 7000, 8900, 10000, 11000, 12000
    • VIPRION 2100, 2150, 2250, 4100, 4200, 4300


F5 have released a set of mitigations that will prevent this attack on vulnerable server until they can be patched.

  • Log in to the Configuration utility.
  • Go to Local Traffic > Profiles > SSL > Client.
  • Select the Client SSL profile.
  • In the Configuration list, select Advanced.
  • In the Options section, in the list, select Options List.
  • In the Options List section, under Available Options, select Single DH use, and then select Enable.
  • The Single DH Use option displays under Enabled Options.
  • In Ciphers, in the text box, enter a cipher string that disables ADH or DHE, such as the following example:
  • In Unclean Shutdown, select Enabled.
  • At the bottom of the page, select Update.

General Information

Additional Info

Technical Analysis