Vulnerability CVE-2020-5921

Vulnerability Name:

CVE-2020-5921 (CCN-187394)

Assigned:

2020-08-25

Published:

2020-08-25

Updated:

2021-07-21

Summary:

in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to secondary blades consuming memory leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-400

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-5921

Source: XF
Type: UNKNOWN
f5-cve20205921-dos(187394)

Source: CCN
Type: F5 Security Advisory K05975972
BIG-IP VIPRION MCPD vulnerability CVE-2020-5921

Source: MISC
Type: Vendor Advisory
https://support.f5.com/csp/article/K00103216

Vulnerable Configuration:

Configuration 1:

cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 12.1.0 and < 12.1.5.2)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.1.4)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 15.1.0 and < 15.1.0.5)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 14.1.0 and < 14.1.2.7)

Configuration CCN 1:

cpe:/a:f5:big-ip:13.1.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip:11.6.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip:15.0.0:*:*:*:*:*:*:*

OR cpe:/o:f5:big-ip:13.1.3:*:*:*:*:*:*:*

OR cpe:/o:f5:big-ip:12.1.5:*:*:*:*:*:*:*

OR cpe:/o:f5:big-ip:11.6.5:*:*:*:*:*:*:*

OR cpe:/o:f5:big-ip:15.0.1:*:*:*:*:*:*:*

OR cpe:/o:f5:big-ip:14.1.2:*:*:*:*:*:*:*

OR cpe:/o:f5:big-ip:15.1.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip:14.1.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip:12.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK