CVE-2020-5893

CWE-319Cleartext TransmissionCWE-200Information Exposure4 documents4 sources
Severity
3.7LOW
EPSS
0.1%
top 67.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Access Policy Manager ClientF5 Big-ip Access Policy Manager
Timeline
PublishedApr 30
Latest updateMay 24

Description

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

CVEListV5big-ip_edge_client7.1.5-7.1.8
NVDf5/big-ip_access_policy_manager11.6.111.6.5+4

🔴Vulnerability Details

2
GHSA
GHSA-5f6r-4wq3-8vp5: In versions 72022-05-24
CVEList
CVE-2020-5893: In versions 72020-04-30

📋Vendor Advisories

1
F5
CVE-2020-5893: In versions 72020-04-30
CVE-2020-5893 (LOW CVSS 3.7) | In versions 7.1.5-7.1.8 | cvebase.io