CVE-2020-5862: Improper Input Validation in F5 BIG-IP Global Traffic Manager

Severity: 7.5 HIGH (NVD)
EPSS: 0.9% (top 24.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 27 | Latest update May 24

Description

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (13 packages)

NVD | f5/big-ip_local_traffic_manager | 15.1.0.4 | 15.1.3.1 | +3
NVD | f5/big-ip_global_traffic_manager | 15.1.0.4 | 15.1.3.1 | +3
NVD | f5/big-ip_analytics | 15.1.0.4 | 15.1.3.1 | +3
NVD | f5/big-ip_link_controller | 15.1.0.4 | 15.1.3.1 | +3
NVD | f5/big-ip_domain_name_system | 15.1.0.4 | 15.1.3.1 | +3

🔴 Vulnerability Details (4)

GHSA
GHSA-xwrf-mmfx-x4vx: On BIG-IP versions 15 | 2022-05-24
GHSA
GHSA-85v3-g58g-j776: On BIG-IP 15 | 2022-05-24
CVEList
CVE-2021-23051: On BIG-IP versions 15 | 2021-09-14
CVEList
CVE-2020-5862: On BIG-IP 15 | 2020-03-27

📋 Vendor Advisories (2)

F5
CVE-2021-23051: On BIG-IP versions 15 | 2021-09-14
F5
CVE-2020-5862: On BIG-IP 15 | 2020-03-27
CVE-2020-5862 — Improper Input Validation in F5 | cvebase