PT-2020-18798 · F5 · Big-Ip Edge Client

Published 2020-05-12 · Updated 2020-05-14 · CVE-2020-5898

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

BIG-IP Edge Client versions 7.1.5 through 7.1.9

Description

The BIG-IP Edge Client Windows Stonewall driver does not properly sanitize pointers received from userland, allowing a local user on the Windows client system to send crafted DeviceIoControl requests to the .urvpndrv device. This can cause the Windows kernel to crash.

Recommendations

For versions 7.1.5 through 7.1.9, consider disabling the Stonewall driver as a temporary workaround until a patch is available. Restrict access to the .urvpndrv device to minimize the risk of exploitation. Avoid sending DeviceIoControl requests to the vulnerable device until the issue is resolved.

Fix

Related Identifiers

CVE-2020-5898

Affected Products

Big-Ip Edge Client