CVE-2020-5947: In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that…

medium4.3CVSS 3.1

AVNACLPRLUINSUCLINAN

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).

Affected

42 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_access_policy_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_advanced_firewall_manager	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_advanced_firewall_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_advanced_waf	—	—
f5	big-ip_advanced_web_application_firewall	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_advanced_web_application_firewall	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_afm	—	—
f5	big-ip_analytics	—	—
f5	big-ip_analytics	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_analytics	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_application_acceleration_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_application_security_manager	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_application_security_manager	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_asm	—	—
f5	big-ip_ddos_hybrid_defender	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_ddos_hybrid_defender	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_dhd	—	—
f5	big-ip_dns	—	—
f5	big-ip_domain_name_system	>= 15.0.0 < 15.1.2	15.1.2
f5	big-ip_domain_name_system	>= 16.0.0 < 16.0.1	16.0.1
f5	big-ip_fps	—	—