CVE-2020-5881F5 Big-ip Access Policy Manager vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+8 more
Timeline
PublishedApr 30
Latest updateMay 24

Description

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

NVDf5/big-ip_analytics13.1.013.1.3.3+2
NVDf5/big-ip_link_controller13.1.013.1.3.3+2
NVDf5/big-ip_domain_name_system13.1.013.1.3.3+2
NVDf5/big-ip_access_policy_manager13.1.013.1.3.3+2
NVDf5/big-ip_local_traffic_manager13.1.013.1.3.3+2

🔴Vulnerability Details

2
GHSA
GHSA-9r2q-6jq7-9fj3: On versions 152022-05-24
CVEList
CVE-2020-5881: On versions 152020-04-30

📋Vendor Advisories

1
F5
CVE-2020-5881: On versions 152020-04-30
CVE-2020-5881 — F5 vulnerability | cvebase