Details of VAR-202008-0948

ID

VAR-202008-0948

CVE

CVE-2020-5913

TITLE

BIG-IP Certificate validation vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010457

DESCRIPTION

In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. BIG-IP Exists in a certificate validation vulnerability.Information may be obtained and tampered with. BIG-IP Server versions between 15.0.0 and 15.1.0.1, versions between 14.1.0 and 14.1.2.3, versions between 13.1.0 and 13.1.3.4, versions between 12.1.0 and 12.1.5.1, and 11.6 There are security vulnerabilities in versions between .1 and 11.6.5.2

Trust: 1.71

sources: NVD: CVE-2020-5913 // JVNDB: JVNDB-2020-010457 // VULHUB: VHN-184038

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	ssl orchestrator	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	14.1.2.5	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	lt	version:	14.1.2-0.89.37	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced web application firewall	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip fraud protection service	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lt	version:	13.1.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.2.1	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lt	version:	12.1.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	lt	version:	15.0.1.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced web application firewall	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip ddos hybrid defender	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip fraud protection service	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	ssl orchestrator	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010457 // NVD: CVE-2020-5913

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5913
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-010457
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-1247
value:	HIGH
Trust: 0.6
VULHUB:	VHN-184038
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5913
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-010457
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-184038
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5913
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-010457
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-184038 // JVNDB: JVNDB-2020-010457 // CNNVD: CNNVD-202008-1247 // NVD: CVE-2020-5913

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.9

sources: VULHUB: VHN-184038 // JVNDB: JVNDB-2020-010457 // NVD: CVE-2020-5913

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1247

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-1247

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010457

PATCH

title:

K72752002

url:

https://support.f5.com/csp/article/K72752002

Trust: 0.8

sources: JVNDB: JVNDB-2020-010457

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5913	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-010457	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-1247	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2918.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2918.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2918.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2918	Trust: 0.6
db:	CNVD	id:	CNVD-2020-50285	Trust: 0.1
db:	VULHUB	id:	VHN-184038	Trust: 0.1

sources: VULHUB: VHN-184038 // JVNDB: JVNDB-2020-010457 // CNNVD: CNNVD-202008-1247 // NVD: CVE-2020-5913

REFERENCES

url:	https://support.f5.com/csp/article/k72752002	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5913	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5913	Trust: 0.8
url:	https://vigilance.fr/vulnerability/f5-big-ip-man-in-the-middle-via-server-ssl-revoked-certificates-33163	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2918.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2918/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2918.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2918.4/	Trust: 0.6

sources: VULHUB: VHN-184038 // JVNDB: JVNDB-2020-010457 // CNNVD: CNNVD-202008-1247 // NVD: CVE-2020-5913

SOURCES

db:	VULHUB	id:	VHN-184038
db:	JVNDB	id:	JVNDB-2020-010457
db:	CNNVD	id:	CNNVD-202008-1247
db:	NVD	id:	CVE-2020-5913

LAST UPDATE DATE

2024-11-23T21:59:06.930000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-184038	date:	2022-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-010457	date:	2021-01-19T01:57:21
db:	CNNVD	id:	CNNVD-202008-1247	date:	2020-12-14T00:00:00
db:	NVD	id:	CVE-2020-5913	date:	2024-11-21T05:34:49.020

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-184038	date:	2020-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-010457	date:	2021-01-19T01:57:21
db:	CNNVD	id:	CNNVD-202008-1247	date:	2020-08-26T00:00:00
db:	NVD	id:	CVE-2020-5913	date:	2020-08-26T15:15:13.053