CVE-2020-5869Improper Enforcement of Message Integrity During Transmission in a Communication Channel in F5 Big-iq Centralized Management

CWE-924Improper Enforcement of Message Integrity During Transmission in a Communication ChannelCWE-200Sensitive Information Exposure4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.3%
top 47.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Big-iq Centralized Management
Timeline
PublishedApr 24
Latest updateMay 24

Description

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDf5/big-iq_centralized_management7.0.07.1.0+2
CVEListV5f5/big-iq_centralized_management5.2.0-7.0.0

🔴Vulnerability Details

2
GHSA
GHSA-3rjh-fcp5-cg7v: In BIG-IQ 52022-05-24
CVEList
CVE-2020-5869: In BIG-IQ 52020-04-24

📋Vendor Advisories

1
F5
CVE-2020-5869: In BIG-IQ 52020-04-24
CVE-2020-5869 — F5 vulnerability | cvebase