CVE-2020-5870Missing Authentication for Critical Function in F5 Big-iq Centralized Management

CWE-306Missing Authentication for Critical Function4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 55.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Big-iq Centralized Management
Timeline
PublishedApr 24
Latest updateMay 24

Description

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDf5/big-iq_centralized_management7.0.07.1.0+2
CVEListV5f5/big-iq_centralized_management5.2.0-7.0.0

🔴Vulnerability Details

2
GHSA
GHSA-56mf-pgq9-8ccj: In BIG-IQ 52022-05-24
CVEList
CVE-2020-5870: In BIG-IQ 52020-04-24

📋Vendor Advisories

1
F5
CVE-2020-5870: In BIG-IQ 52020-04-24
CVE-2020-5870 — F5 vulnerability | cvebase