Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Jan 09, 2017 Severity: 3-Major
When the software is in "Common Criteria Mode", an upgrade via the Web UI is not possible, because the upgrade process automatically generates a UCS file, but Common Criteria requires that a password be supplied whenever a UCS is generated. The Web UI does not take this in to account, and never asks for a password for the UCS file.
Software cannot be updated using the Web UI. The install fails with no indication as to why.
Common criteria mode is enabled (i.e., the db variable security.commoncriteria is set to true).
To work around this issue, you can disable Common Criteria mode before upgrading. To do so, perform the following procedure: 1. Log in to the BIG-IP system as an administrator user. 2. Log in to the Traffic Management Shell (tmsh) by typing the following command: tmsh 3. Set the database variable to false by typing the following command: modify sys db security.commoncriteria value false 4. Perform the system upgrade. 5. To turn Common Criteria mode back on, set the security.commoncriteria database variable to true by typing the following command: modify sys db security.commoncriteria value true
None