fkie_nvd - fkie_cve-2020-5947

fkie_cve-2020-5947

Vulnerability from fkie_nvd

Published

2020-11-19 01:15

Modified

2024-11-21 05:34

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).

References

▶	URL	Tags
	f5sirt@f5.com	https://support.f5.com/csp/article/K64571774	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K64571774	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_web_application_firewall	*
f5	big-ip_advanced_web_application_firewall	*
f5	big-ip_analytics	*
f5	big-ip_analytics	*
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_ddos_hybrid_defender	*
f5	big-ip_ddos_hybrid_defender	*
f5	big-ip_domain_name_system	*
f5	big-ip_domain_name_system	*
f5	big-ip_fraud_protection_service	*
f5	big-ip_fraud_protection_service	*
f5	big-ip_global_traffic_manager	*
f5	big-ip_global_traffic_manager	*
f5	big-ip_link_controller	*
f5	big-ip_link_controller	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_policy_enforcement_manager	*
f5	big-ip_policy_enforcement_manager	*
f5	ssl_orchestrator	*
f5	ssl_orchestrator	*
f5	big-ip_virtual_edition	-
f5	big-ip_2000	c112
f5	big-ip_4000	c113
f5	big-ip_i2000	c117
f5	big-ip_i4000	c115

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC29EF0-7E85-4BB1-A183-D03FC53868ED",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3F98DD-C142-4030-AD11-A3129D5FFEA9",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD50CF60-A880-4495-AD3F-9A5C744506AF",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1247022A-F95F-4DF6-87AC-2E6757B01DC3",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "286DABB7-9C44-4050-AB2E-C4B4EAE2EEFD",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7034BE5-23A6-47FA-9D80-3F3CF29DA2B5",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69C1B709-03E8-4371-8EC4-C13BF134B6F6",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F491CF7C-EC9A-4413-9B84-459FE83E0AF5",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "217C0D97-5942-4609-BC5D-0D8D145E2436",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54A135F-CD1E-41AD-82C3-F15A21AA87BE",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F20E2679-A1C0-4925-9284-DBA57F40C41C",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B360C4-C9E2-4889-ADD5-3482E69BA8E7",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC2FA5AD-6375-48C4-B602-E3BD464BF9FF",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3448CBCB-D42E-4DAA-A52F-4225B2EB022A",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "363C0C5C-A8EE-4BF9-92E3-506DA88D8CD3",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7466098-C689-4E4B-879F-0433A020FDBC",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB39FC0-D2B4-4854-B49B-722A67F729E2",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "574397F4-0234-48D3-B024-D7963A41E21C",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFEB115-A4F3-4FA3-A838-CE91AB6888F1",
              "versionEndIncluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB7047B3-A248-424C-98D8-A0DD99A86F50",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "315AB5D6-FC37-44F5-989F-33FA4EC4654F",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15439AAC-1535-4087-9170-C885716736F4",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECF3150-98BD-4F39-84D9-584E36B357CB",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9D19B2-1D89-4917-A82E-289EDE52C68F",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C250F1A-D949-4389-B46B-25B63FBC167D",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0319299-FCCE-4B8F-8DB5-83AF0C3D68D5",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9426CC-5EE8-4250-82DA-24A6004F1794",
              "versionEndExcluding": "15.1.2",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB95DF-DAAE-4E11-9D91-A097A44176DB",
              "versionEndExcluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_virtual_edition:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5231D20F-5BCF-42BE-BA4B-A3705FE372FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:big-ip_2000:c112:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9C2CDC-1DBA-414A-BD24-5C80EF341D42",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:big-ip_4000:c113:*:*:*:*:*:*:*",
              "matchCriteriaId": "086D8EA0-55E3-4EA0-A511-A50E75150B1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:big-ip_i2000:c117:*:*:*:*:*:*:*",
              "matchCriteriaId": "E874EF24-9120-45FD-98B6-FA8414EECFA4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:f5:big-ip_i4000:c115:*:*:*:*:*:*:*",
              "matchCriteriaId": "431D46C5-4C56-425F-B919-0F3954EEBCD6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE)."
    },
    {
      "lang": "es",
      "value": "En versiones 16.0.0-16.0.0.1 y 15.1.0-15.1.1, en plataformas BIG-IP espec\u00edficas, unos atacantes pueden obtener n\u00fameros de secuencia TCP del sistema BIG-IP que pueden ser reusadas en conexiones futuras con el mismo puerto de origen y destino y n\u00fameros IP.\u0026#xa0;Solo estas plataformas est\u00e1n afectadas: serie BIG-IP 2000 (C112), serie BIG-IP 4000 (C113), serie BIG-IP i2000 (C117), serie BIG-IP i4000 (C115), BIG-IP Virtual Edition (VE)"
    }
  ],
  "id": "CVE-2020-5947",
  "lastModified": "2024-11-21T05:34:53.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-19T01:15:12.593",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K64571774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K64571774"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-5947 (GCVE-0-2020-5947)

Vulnerability from cvelistv5

Published

2020-11-19 00:14

Modified

2024-08-04 08:47

Severity ?

CWE

TCP sequence prediction

Summary

References

►

URL

Tags

https://support.f5.com/csp/article/K64571774

x_refsource_CONFIRM