Access Control Bypass in F5 BIG-IP Virtual Edition
CVE-2020-5888

8.1 HIGH

Key Information:

Vendor
F5
Status
Vendor
CVE Published:
30 April 2020

Summary

F5 BIG-IP Virtual Edition versions 15.1.0 through 15.1.0.1, 15.0.0 through 15.0.1.2, and 14.1.0 through 14.1.2.3 are vulnerable to an access control bypass. An attacker on an adjacent network can potentially access local daemons and circumvent port lockdown settings. Organizations running affected versions should apply security patches and implement protective measures.

Affected Version(s)

BIG-IP VE 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved