CVE-2020-5943
published 2020-11-05CVE-2020-5943: In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_access_policy_manager | 14.1.2.5 – 14.1.2.7 | — |
| f5 | big-ip_advanced_firewall_manager | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_advanced_firewall_manager | 14.1.2.5 – 14.1.2.7 | — |
| f5 | big-ip_advanced_waf | — | — |
| f5 | big-ip_advanced_web_application_firewall | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_advanced_web_application_firewall | 14.1.2.5 – 14.1.2.7 | — |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_analytics | 14.1.2.5 – 14.1.2.7 | — |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_application_acceleration_manager | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_application_acceleration_manager | 14.1.2.5 – 14.1.2.7 | — |
| f5 | big-ip_application_security_manager | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_application_security_manager | 14.1.2.5 – 14.1.2.7 | — |
| f5 | big-ip_asm | — | — |
| f5 | big-ip_ddos_hybrid_defender | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_ddos_hybrid_defender | 14.1.2.5 – 14.1.2.7 | — |
| f5 | big-ip_dhd | — | — |
| f5 | big-ip_dns | — | — |
| f5 | big-ip_domain_name_system | 14.1.0 – 14.1.0.1 | — |
| f5 | big-ip_domain_name_system | 14.1.2.5 – 14.1.2.7 | — |