Network Device Abstraction Layer Vulnerability in F5 BIG-IP Virtual Edition
CVE-2020-5881

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip Ve
Vendor: CVE Published:; 30 April 2020

Summary

In specific versions of F5's BIG-IP Virtual Edition, a vulnerability exists when VLAN groups are configured alongside devices using OSPF. This flaw can cause the Network Device Abstraction Layer (NDAL) interfaces to become unresponsive. Consequently, this disruption affects the communication between critical processes such as mcpd and tmm, potentially leading to service interruptions and degraded network performance.

Affected Version(s)

BIG-IP VE 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3

References

https://support.f5.com/csp/article/K03386032

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2020
Vulnerability Reserved
Jan 6, 2020