PT-2020-18811 · F5 · Big-Ip

Published: 2020-08-26 · Updated: 2022-12-03 · CVE-2020-5913

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.6.1 through 11.6.5.2
F5 BIG-IP versions 12.1.0 through 12.1.5.1
F5 BIG-IP versions 13.1.0 through 13.1.3.4
F5 BIG-IP versions 14.1.0 through 14.1.2.3
F5 BIG-IP versions 15.0.0 through 15.1.0.1
Description

The BIG-IP Client SSL or Server SSL profile does not reject revoked certificates, even when a valid Certificate Revocation List (CRL) is configured for the profile. Because revocation status is not enforced, a certificate that its issuing CA has already revoked is still trusted on SSL/TLS connections handled by the profile, potentially leading to a man-in-the-middle attack on these connections.
Recommendations

For versions 11.6.1 through 11.6.5.2, update the SSL profile configuration to properly handle revoked certificates.
For versions 12.1.0 through 12.1.5.1, update the SSL profile configuration to properly handle revoked certificates.
For versions 13.1.0 through 13.1.3.4, update the SSL profile configuration to properly handle revoked certificates.
For versions 14.1.0 through 14.1.2.3, update the SSL profile configuration to properly handle revoked certificates.
For versions 15.0.0 through 15.1.0.1, update the SSL profile configuration to properly handle revoked certificates.

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2020-5913

Affected Products

Big-Ip