ID

VAR-202004-2013


CVE

CVE-2020-5869


TITLE

BIG-IQ Vulnerability in information leakage for important functions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004658

DESCRIPTION

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secured by TLS and may allow on-path attackers to read or modify confidential data in transit. BIG-IQ contains a vulnerability related to information leakage for important functions. Information may be obtained and tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. A security vulnerability exists in F5 BIG-IQ versions 5.2.0 to 7.0.0. Attackers can exploit this vulnerability to read or modify confidential information in transmission.

Trust: 1.8

sources: NVD: CVE-2020-5869 // JVNDB: JVNDB-2020-004658 // VULHUB: VHN-183994 // VULMON: CVE-2020-5869

AFFECTED PRODUCTS

vendor: f5, model: big-iq centralized management, scope: gte, version: 7.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lt, version: 7.1.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 6.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lte, version: 5.4.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lte, version: 6.1.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 5.2.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.2.0 to 7.0.0

Trust: 0.8

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.2.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.3.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.4.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.0.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.0.1

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.1.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 7.0.0

Trust: 0.1

sources: VULMON: CVE-2020-5869 // JVNDB: JVNDB-2020-004658 // NVD: CVE-2020-5869

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-5869
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004658
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-2086
value: CRITICAL

Trust: 0.6

VULHUB: VHN-183994
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-5869
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-5869
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004658
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183994
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-5869
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004658
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183994 // VULMON: CVE-2020-5869 // JVNDB: JVNDB-2020-004658 // CNNVD: CNNVD-202004-2086 // NVD: CVE-2020-5869

PROBLEMTYPE DATA

problemtype:CWE-924

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-183994 // JVNDB: JVNDB-2020-004658 // NVD: CVE-2020-5869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2086

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2086

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004658

PATCH

title: K28855111, url: https://support.f5.com/csp/article/K28855111

Trust: 0.8

sources: JVNDB: JVNDB-2020-004658

EXTERNAL IDS

db: NVD, id: CVE-2020-5869

Trust: 2.6

db: JVNDB, id: JVNDB-2020-004658

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2086

Trust: 0.7

db: AUSCERT, id: ESB-2020.1421

Trust: 0.6

db: VULHUB, id: VHN-183994

Trust: 0.1

db: VULMON, id: CVE-2020-5869

Trust: 0.1

sources: VULHUB: VHN-183994 // VULMON: CVE-2020-5869 // JVNDB: JVNDB-2020-004658 // CNNVD: CNNVD-202004-2086 // NVD: CVE-2020-5869

REFERENCES

url:https://support.f5.com/csp/article/k28855111

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-5869

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5869

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1421/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/180721

Trust: 0.1

sources: VULHUB: VHN-183994 // VULMON: CVE-2020-5869 // JVNDB: JVNDB-2020-004658 // CNNVD: CNNVD-202004-2086 // NVD: CVE-2020-5869

SOURCES

db: VULHUB, id: VHN-183994
db: VULMON, id: CVE-2020-5869
db: JVNDB, id: JVNDB-2020-004658
db: CNNVD, id: CNNVD-202004-2086
db: NVD, id: CVE-2020-5869

LAST UPDATE DATE

2024-11-23T23:01:23.836000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183994, date: 2021-07-21T00:00:00
db: VULMON, id: CVE-2020-5869, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2020-004658, date: 2020-05-25T00:00:00
db: CNNVD, id: CNNVD-202004-2086, date: 2020-04-29T00:00:00
db: NVD, id: CVE-2020-5869, date: 2024-11-21T05:34:44.170

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183994, date: 2020-04-24T00:00:00
db: VULMON, id: CVE-2020-5869, date: 2020-04-24T00:00:00
db: JVNDB, id: JVNDB-2020-004658, date: 2020-05-25T00:00:00
db: CNNVD, id: CNNVD-202004-2086, date: 2020-04-24T00:00:00
db: NVD, id: CVE-2020-5869, date: 2020-04-24T14:15:14.233