Details of VAR-202011-1452

ID

VAR-202011-1452

CVE

CVE-2020-5944

TITLE

BIG-IQ Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013143

DESCRIPTION

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944 will continue to be referenced in F5 Security Advisory K57274211 and will not be assigned to other F5 vulnerabilities. BIG-IQ Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IQ Centralized Management is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments

Trust: 1.71

sources: NVD: CVE-2020-5944 // JVNDB: JVNDB-2020-013143 // VULHUB: VHN-184069

AFFECTED PRODUCTS

vendor:	f5	model:	big-iq centralized management	scope:	lt	version:	7.1.0.1	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	gte	version:	7.1.0	Trust: 1.0
vendor:	f5	model:	big-iq centralized management	scope:	eq	version:	-	Trust: 0.8
vendor:	f5	model:	big-iq centralized management	scope:	eq	version:	7.1.0	Trust: 0.8

sources: JVNDB: JVNDB-2020-013143 // NVD: CVE-2020-5944

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5944
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-5944
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-221
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-184069
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5944
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-184069
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5944
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-5944
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-184069 // JVNDB: JVNDB-2020-013143 // CNNVD: CNNVD-202011-221 // NVD: CVE-2020-5944

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013143 // NVD: CVE-2020-5944

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-221

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-221

PATCH

title:	K57274211	url:	https://support.f5.com/csp/article/K57274211	Trust: 0.8
title:	F5 BIG-IQ Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132706	Trust: 0.6

sources: JVNDB: JVNDB-2020-013143 // CNNVD: CNNVD-202011-221

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5944	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013143	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-221	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3784	Trust: 0.6
db:	VULHUB	id:	VHN-184069	Trust: 0.1

sources: VULHUB: VHN-184069 // JVNDB: JVNDB-2020-013143 // CNNVD: CNNVD-202011-221 // NVD: CVE-2020-5944

REFERENCES

url:	https://support.f5.com/csp/article/k57274211	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5944	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3784/	Trust: 0.6

sources: VULHUB: VHN-184069 // JVNDB: JVNDB-2020-013143 // CNNVD: CNNVD-202011-221 // NVD: CVE-2020-5944

SOURCES

db:	VULHUB	id:	VHN-184069
db:	JVNDB	id:	JVNDB-2020-013143
db:	CNNVD	id:	CNNVD-202011-221
db:	NVD	id:	CVE-2020-5944

LAST UPDATE DATE

2024-11-23T22:40:50.780000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-184069	date:	2022-01-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-013143	date:	2021-06-21T05:15:00
db:	CNNVD	id:	CNNVD-202011-221	date:	2020-12-14T00:00:00
db:	NVD	id:	CVE-2020-5944	date:	2024-11-21T05:34:52.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-184069	date:	2020-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-013143	date:	2021-06-21T00:00:00
db:	CNNVD	id:	CNNVD-202011-221	date:	2020-11-03T00:00:00
db:	NVD	id:	CVE-2020-5944	date:	2020-11-05T20:15:17.817