Details of VAR-202001-1697

ID

VAR-202001-1697

CVE

CVE-2020-5851

TITLE

plural BIG-IP Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-001487

DESCRIPTION

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG. plural BIG-IP The product contains unspecified vulnerabilities.Information may be altered

Trust: 1.62

sources: NVD: CVE-2020-5851 // JVNDB: JVNDB-2020-001487

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	14.1.0.2.0.45.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	14.1.0.2.0.62.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip i11600	scope:	eq	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip i2600	scope:	eq	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip 2800	scope:	eq	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip i10800	scope:	eq	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip i10600	scope:	eq	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip i15800	scope:	eq	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip i11800	scope:	eq	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip i15600	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2020-001487 // CNNVD: CNNVD-202001-445 // NVD: CVE-2020-5851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5851
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-5851
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202001-445
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-5851
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-5851
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-5851
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-001487 // CNNVD: CNNVD-202001-445 // NVD: CVE-2020-5851

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-001487 // NVD: CVE-2020-5851

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-445

PATCH

title:

K91171450

url:

https://support.f5.com/csp/article/K91171450

Trust: 0.8

sources: JVNDB: JVNDB-2020-001487

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5851	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-001487	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.0137	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-445	Trust: 0.6

sources: JVNDB: JVNDB-2020-001487 // CNNVD: CNNVD-202001-445 // NVD: CVE-2020-5851

REFERENCES

url:	https://support.f5.com/csp/article/k91171450	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5851	Trust: 1.4
url:	https://vigilance.fr/vulnerability/f5-big-ip-engineering-hotfix-privilege-escalation-via-tpm-31315	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0137/	Trust: 0.6

sources: JVNDB: JVNDB-2020-001487 // CNNVD: CNNVD-202001-445 // NVD: CVE-2020-5851

SOURCES

db:	JVNDB	id:	JVNDB-2020-001487
db:	CNNVD	id:	CNNVD-202001-445
db:	NVD	id:	CVE-2020-5851

LAST UPDATE DATE

2024-11-23T22:21:20.954000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-001487	date:	2020-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202001-445	date:	2020-01-21T00:00:00
db:	NVD	id:	CVE-2020-5851	date:	2024-11-21T05:34:41.807

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-001487	date:	2020-02-12T00:00:00
db:	CNNVD	id:	CNNVD-202001-445	date:	2020-01-14T00:00:00
db:	NVD	id:	CVE-2020-5851	date:	2020-01-14T16:15:11.917