Memory Leak Vulnerability in F5 BIG-IP DNS and Related Products
CVE-2020-27725

4.3MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Dns, Gtm, And Link Controller
Vendor: CVE Published:; 24 December 2020

What is CVE-2020-27725?

A memory leak occurs in F5's BIG-IP DNS and related products that could be exploited when users with access to TMSH, iControl, or SNMP services list DNS zones. This flaw allows potentially sensitive information regarding DNS zone data to be leaked, raising concerns about data exposure and system integrity.

Affected Version(s)

BIG-IP DNS, GTM, and Link Controller 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2

References

https://support.f5.com/csp/article/K25595031

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2020
Vulnerability Reserved
Oct 26, 2020