ID

VAR-202004-2014


CVE

CVE-2020-5870


TITLE

BIG-IQ Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004659

DESCRIPTION

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. BIG-IQ contains a vulnerability related to a lack of authentication for critical features. Information may be obtained and tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. An attacker could exploit this vulnerability with a specially crafted request to bypass access restrictions.

Trust: 1.8

sources: NVD: CVE-2020-5870 // JVNDB: JVNDB-2020-004659 // VULHUB: VHN-183995 // VULMON: CVE-2020-5870

AFFECTED PRODUCTS

vendor: f5, model: big-iq centralized management, scope: gte, version: 7.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lt, version: 7.1.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 6.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lte, version: 5.4.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lte, version: 6.1.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 5.2.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.2.0 to 7.0.0

Trust: 0.8

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.2.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.3.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.4.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.0.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.0.1

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.1.0

Trust: 0.1

vendor: f5, model: big-iq centralized management, scope: eq, version: 7.0.0

Trust: 0.1

sources: VULMON: CVE-2020-5870 // JVNDB: JVNDB-2020-004659 // NVD: CVE-2020-5870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5870
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004659
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2087
value: HIGH

Trust: 0.6

VULHUB: VHN-183995
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-5870
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5870
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004659
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183995
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5870
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004659
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183995 // VULMON: CVE-2020-5870 // JVNDB: JVNDB-2020-004659 // CNNVD: CNNVD-202004-2087 // NVD: CVE-2020-5870

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.9

sources: VULHUB: VHN-183995 // JVNDB: JVNDB-2020-004659 // NVD: CVE-2020-5870

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2087

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2087

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004659

PATCH

title: K69422435, url: https://support.f5.com/csp/article/K69422435

Trust: 0.8

sources: JVNDB: JVNDB-2020-004659

EXTERNAL IDS

db: NVD, id: CVE-2020-5870

Trust: 2.6

db: JVNDB, id: JVNDB-2020-004659

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2087

Trust: 0.7

db: AUSCERT, id: ESB-2020.1421

Trust: 0.6

db: CNVD, id: CNVD-2021-25682

Trust: 0.1

db: VULHUB, id: VHN-183995

Trust: 0.1

db: VULMON, id: CVE-2020-5870

Trust: 0.1

sources: VULHUB: VHN-183995 // VULMON: CVE-2020-5870 // JVNDB: JVNDB-2020-004659 // CNNVD: CNNVD-202004-2087 // NVD: CVE-2020-5870

REFERENCES

url:https://support.f5.com/csp/article/k69422435

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-5870

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5870

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1421/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/180722

Trust: 0.1

sources: VULHUB: VHN-183995 // VULMON: CVE-2020-5870 // JVNDB: JVNDB-2020-004659 // CNNVD: CNNVD-202004-2087 // NVD: CVE-2020-5870

SOURCES

db: VULHUB, id: VHN-183995
db: VULMON, id: CVE-2020-5870
db: JVNDB, id: JVNDB-2020-004659
db: CNNVD, id: CNNVD-202004-2087
db: NVD, id: CVE-2020-5870

LAST UPDATE DATE

2024-11-23T23:01:23.806000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183995, date: 2020-04-28T00:00:00
db: VULMON, id: CVE-2020-5870, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2020-004659, date: 2020-05-25T00:00:00
db: CNNVD, id: CNNVD-202004-2087, date: 2020-05-06T00:00:00
db: NVD, id: CVE-2020-5870, date: 2024-11-21T05:34:44.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183995, date: 2020-04-24T00:00:00
db: VULMON, id: CVE-2020-5870, date: 2020-04-24T00:00:00
db: JVNDB, id: JVNDB-2020-004659, date: 2020-05-25T00:00:00
db: CNNVD, id: CNNVD-202004-2087, date: 2020-04-24T00:00:00
db: NVD, id: CVE-2020-5870, date: 2020-04-24T14:15:14.310