Details of VAR-202003-1558

ID

VAR-202003-1558

CVE

CVE-2020-5862

TITLE

BIG-IP Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003529

DESCRIPTION

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS. BIG-IP There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Security vulnerabilities exist in F5 BIG-IP versions 15.1.0 through 15.1.0.1, 15.0.0 through 15.0.1.1, and 14.1.0 through 14.1.2.2. An attacker can exploit this vulnerability to cause the TMM to crash, making it unable to process new traffic

Trust: 1.71

sources: NVD: CVE-2020-5862 // JVNDB: JVNDB-2020-003529 // VULHUB: VHN-183987

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	14.1.2.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	14.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lte	version:	15.0.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lte	version:	15.1.0.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-003529 // NVD: CVE-2020-5862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5862
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-003529
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202003-1656
value:	HIGH
Trust: 0.6
VULHUB:	VHN-183987
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5862
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003529
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-183987
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5862
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003529
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183987 // JVNDB: JVNDB-2020-003529 // CNNVD: CNNVD-202003-1656 // NVD: CVE-2020-5862

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-183987 // JVNDB: JVNDB-2020-003529 // NVD: CVE-2020-5862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1656

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202003-1656

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003529

PATCH

title:	K01054113	url:	https://support.f5.com/csp/article/K01054113	Trust: 0.8
title:	F5 BIG-IP Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115324	Trust: 0.6

sources: JVNDB: JVNDB-2020-003529 // CNNVD: CNNVD-202003-1656

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5862	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-003529	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-1656	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1087	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2870	Trust: 0.6
db:	CNVD	id:	CNVD-2020-24027	Trust: 0.1
db:	VULHUB	id:	VHN-183987	Trust: 0.1

sources: VULHUB: VHN-183987 // JVNDB: JVNDB-2020-003529 // CNNVD: CNNVD-202003-1656 // NVD: CVE-2020-5862

REFERENCES

url:	https://support.f5.com/csp/article/k01054113	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5862	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5862	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2870	Trust: 0.6
url:	https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-aws-31890	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1087/	Trust: 0.6

sources: VULHUB: VHN-183987 // JVNDB: JVNDB-2020-003529 // CNNVD: CNNVD-202003-1656 // NVD: CVE-2020-5862

SOURCES

db:	VULHUB	id:	VHN-183987
db:	JVNDB	id:	JVNDB-2020-003529
db:	CNNVD	id:	CNNVD-202003-1656
db:	NVD	id:	CVE-2020-5862

LAST UPDATE DATE

2024-11-23T19:46:38.046000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183987	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-003529	date:	2020-04-17T00:00:00
db:	CNNVD	id:	CNNVD-202003-1656	date:	2021-08-26T00:00:00
db:	NVD	id:	CVE-2020-5862	date:	2024-11-21T05:34:43.397

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183987	date:	2020-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-003529	date:	2020-04-17T00:00:00
db:	CNNVD	id:	CNNVD-202003-1656	date:	2020-03-27T00:00:00
db:	NVD	id:	CVE-2020-5862	date:	2020-03-27T15:15:12.553