CVE-2020-5851 — F5 Big-ip Domain Name System vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 57.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Local Traffic Manager F5 Big-ip Advanced Firewall Manager +10 more

Timeline

PublishedJan 14

Latest updateMay 24

Description

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages15 packages

▶NVDf5/big-ip_domain_name_system14.1.0.2.0.45.4, 14.1.0.2.0.62.4+1

▶NVDf5/big-ip_analytics14.1.0.2.0.45.4, 14.1.0.2.0.62.4+1

▶NVDf5/big-ip_edge_gateway14.1.0.2.0.45.4, 14.1.0.2.0.62.4+1

▶NVDf5/big-ip_webaccelerator14.1.0.2.0.45.4, 14.1.0.2.0.62.4+1

▶NVDf5/big-ip_link_controller14.1.0.2.0.45.4, 14.1.0.2.0.62.4+1

🔴Vulnerability Details

GHSA

GHSA-8qq9-995j-w4pc: On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components↗2022-05-24

▶

CVEList

CVE-2020-5851: On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components↗2020-01-14

▶