PT-2020-18794 · F5 · Big-Ip Edge Client

Published 2020-04-30 · Updated 2021-07-21 · CVE-2020-5893

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP Edge Client versions 7.1.5 through 7.1.8

Description

The issue arises when a user connects to a VPN using BIG-IP Edge Client over an unsecure network. In this scenario, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

Recommendations

For versions 7.1.5 through 7.1.8, consider disabling the use of HTTP for authentication requests until a patch is available. Restrict access to unsecure networks to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2020-5893

Affected Products

Big-Ip Edge Client