CVE-2020-5943 — Use of a Broken or Risky Cryptographic Algorithm in F5 Big-ip Access Policy Manager
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 63.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 5
Latest updateMay 24
Description
In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6