CVE-2020-5886

Name of the Vulnerable Software and Affected Versions BIG-IP versions 12.1.0 through 12.1.5.1 BIG-IP versions 13.1.0 through 13.1.3.3 BIG-IP versions 14.1.0 through 14.1.2.3 BIG-IP versions 15.0.0 through 15.1.0.1

Description The issue affects BIG-IP systems set up for connection mirroring in a High Availability (HA) pair, where sensitive cryptographic objects are transferred over an insecure communications channel. This is a control plane issue exposed only on the network used for connection mirroring.

Recommendations For versions 12.1.0 through 12.1.5.1, consider disabling connection mirroring until a secure update is available. For versions 13.1.0 through 13.1.3.3, restrict access to the control plane to minimize exposure. For versions 14.1.0 through 14.1.2.3, avoid using the insecure communications channel for transferring sensitive cryptographic objects. For versions 15.0.0 through 15.1.0.1, apply configuration changes to secure the connection mirroring setup.