Last Modified: Nov 07, 2022
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 12.1.4, 126.96.36.199, 12.1.5, 188.8.131.52, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Sep 30, 2016 Severity: 3-Major
Outdated and unused unit key is left on some devices after an upgrade from an older version. - This occurs with 5000- and 7000-series platforms after upgrade from an older version to v13.0.0. - This occurs with iSeries platforms after upgrade from an older version to v184.108.40.206 or a later v12.1.x software version.
1) Unit key on disk is preferred over unit key in hardware. 2a) Potential config load failures when installing v13.0.0 hotfixes on 5000- and 7000- series devices. 2b) Potential config load failures when installing v12.1.x point releases or hotfixes on iSeries devices.
One of the following sets of conditions: -- Running on 5000- and 7000-series platforms. -- Upgrading from a version earlier than v13.0.0 to v13.0.0. -- Installing v13.0.0 hotfixes Or: -- Running on iSeries platforms. -- Upgrading from v12.1.4 or earlier, to 220.127.116.11 or a later 12.1.x version. -- Installing v12.1.x point releases or engineering hotfixes.
NOTES: -- Impacts 5000- and 7000-series platforms on v13.0.x. -- Impacts iSeries platforms on v18.104.22.168 or a later v12.1.x software version. On or before upgrade to v13.0.0 or its associated hotfixes, perform the following procedure: 1) Set master key to a known value: modify sys crypto master-key prompt-for-password 2) Save config: tmsh save sys config 3) Remove the old unit key: rm /config/bigip/kstore/.unitkey 4) Load config: tmsh load sys config 5) Save config: tmsh save sys config
Unit key is no longer left on platforms after upgrade from an older version.