Weak Authentication and Encryption Flaw in F5 BIG-IP Products
CVE-2020-5860

8.1 HIGH

Key Information:

Vendor: F5
CVE Published: 27 March 2020

Summary

A security issue in F5's BIG-IP and BIG-IQ products affects the High Availability (HA) network failover process within the Device Service Cluster (DSC). The flaw allows failover actions without strong authentication, and the network traffic associated with HA failover is not secured by Transport Layer Security (TLS). This lack of robust authentication and encryption could expose systems to unauthorized access and data interception, so users should take the necessary security measures.

Affected Version(s)

BIG-IP: 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, 11.5.2-11.6.5.1

BIG-IQ: 7.0.0, 6.0.0-6.1.0, 5.2.0-5.4.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
