PT-2020-18788 · F5 · Big-Ip Virtual Edition
Published
2020-04-30
·
Updated
2020-05-04
·
CVE-2020-5887
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
BIG-IP Virtual Edition (VE) versions 14.1.0 through 14.1.2.3
BIG-IP Virtual Edition (VE) versions 15.0.0 through 15.0.1.2
BIG-IP Virtual Edition (VE) versions 15.1.0 through 15.1.0.1
Description
The issue may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.
Recommendations
For versions 14.1.0 through 14.1.2.3, update to a version outside of this range to resolve the issue.
For versions 15.0.0 through 15.0.1.2, update to a version outside of this range to resolve the issue.
For versions 15.1.0 through 15.1.0.1, update to a version outside of this range to resolve the issue.
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip Virtual Edition