fkie_cve-2020-5923
Vulnerability from fkie_nvd
Published
2020-08-26 15:15
Modified
2024-11-21 05:34
Severity ?
Summary
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K05975972 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K05975972 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB236652-BD60-4FEF-9D59-8B49FB3A7655",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0532FA-7B7B-46B3-AB10-0920034A7E43",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "592327AA-BCC4-4CD0-82C6-EA739F049E82",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3829D757-B0FD-42A7-B2A5-95274FF461A2",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D74CEC7B-10F2-4A4D-9C27-87A360B63EDC",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB2B518-F813-4B11-BBF5-0BFB2979A6B8",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DCE49-C37D-4951-AB57-7CDDEBA1C1E5",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD78D19-D17E-45EC-98C7-74D086AE68AA",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F9B579-F0F4-42DB-9F29-734278B3CEE8",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02795117-99E5-4141-99DB-643548C732C9",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31E16A1B-E305-4390-976C-5F33A82EF396",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3E75CB-C764-4868-8459-1FAC03506EE8",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C551C9-169C-450E-965A-4F9F3E2C785B",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6BA692-402E-4ACF-9177-D30D21009EE5",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9624265-6375-4A5C-9ECB-8440B4EF9AEA",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB118FB-2EFB-4F17-B6E1-FC4B46B9C265",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F7911-FB00-4612-9109-9E7A407BC7B7",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B547F46F-5563-4E7F-8B69-3D25C6C58521",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B694BCD8-C5B4-491E-9F2D-2F5038E67A08",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8822B59-ED2E-43CA-9A83-C15CF814B37D",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8999F566-9884-4CAA-BED7-8CF72F11E6F8",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91BF72A9-EB50-4315-B956-5926967DCC46",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEE0B76-3F8E-420A-9589-BF3FDB942DEB",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99801F76-09C1-4055-A15E-B4DEC0819033",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5BABD9-A6B1-44DB-852B-46D53A29F34E",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F997F6D8-D08D-4EB0-BEA7-288AEFD6F28C",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC8EDA-669A-4750-934F-3B3FBF557080",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7917031-0735-483C-A8DA-11430056D568",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACFC895-36F4-4C75-B218-8B9F0BF7CCE4",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91EFF7F9-02E9-47D5-9937-9B849724F53B",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "925DA0B2-7570-4819-845C-C35E5B168F80",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0581EEF-98E6-4961-8178-BA2D7647F931",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC5C221-AE58-4580-876A-E5FD7970A695",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87DCED41-57D0-4257-A88D-C7D860EBB6B4",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797730AC-8561-455C-A80F-F998BAECE402",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A036A0-5E0C-4E64-B88D-D1B61257896E",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32773569-67FE-4F08-A613-E507FCDEACEF",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "463AA399-492A-4DB6-BFD1-31725012AE8F",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA10DD-417C-44AE-97F4-7E34BC262E2B",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "893198E8-C495-404B-9DB7-0B9147C74FE2",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97AB336E-2A10-4508-9F20-DB54D628355F",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4494F771-4026-478C-8004-B162653DC80C",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98314370-E3C8-4CB5-9F48-57004EB96D8F",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15696EE-E094-4F58-99D7-7F4C6875841C",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5176822D-4FDD-4E5F-910F-B311F21DA35D",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54D289F0-1896-4996-AEDF-B299C6DB8945",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A97489DC-A5DE-48AD-BBA2-F9078070F53A",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF128B7-874B-4E3A-B52F-1C2DE34F64A9",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C34BAE9A-74EA-4D55-802E-FD2A402331DD",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48C22FBB-4A70-42CE-925A-F59210C6DA54",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78F7A30F-4455-420D-9254-E9910E16EC3F",
"versionEndExcluding": "11.6.5.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDB944B-DF60-45AF-AD60-33E9667E0D12",
"versionEndExcluding": "12.1.5.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C58940-C7A3-47A9-8C9E-7B652E4F4750",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE9FE91-55BE-4C31-9F39-23E7B8728E7C",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E73951A-20AD-4D31-AB76-B8C3B1762A8C",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C",
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C1DACF-0562-4A41-A9EC-60D1DC065007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B589C35-55F2-4D40-B5A6-8267EE20D627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses."
},
{
"lang": "es",
"value": "En BIG-IP versiones 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1 y 11.6.1-11.6.5.1 y BIG-IQ versiones 5.4.0-7.0.0, una omisi\u00f3n del bloqueo de puerto Self-IP por medio de direcciones link-local IPv6"
}
],
"id": "CVE-2020-5923",
"lastModified": "2024-11-21T05:34:50.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T15:15:13.523",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K05975972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K05975972"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…