CVE-2020-5859

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 15.1.0.1

Description The issue is related to the processing of specially formatted HTTP/3 messages, which may cause the Traffic Management Microkernel (TMM) to produce a core file. This is also associated with errors in handling input data by the BIG-IP Access Policy Manager, a tool for access control and remote authentication. Exploitation of this issue could allow a remote attacker to cause a denial of service.

Recommendations For version 15.1.0.1, consider disabling the handling of HTTP/3 messages until a patch is available to prevent TMM from producing a core file. Restrict access to the BIG-IP Access Policy Manager to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.