Access Control Bypass in F5 BIG-IP Virtual Edition
CVE-2020-5888

8.1HIGH

Key Information:

Vendor: F5
Status: Big-ip Ve
Vendor: CVE Published:; 30 April 2020

What is CVE-2020-5888?

F5 BIG-IP Virtual Edition versions 15.1.0 through 15.1.0.1, 15.0.0 through 15.0.1.2, and 14.1.0 through 14.1.2.3 are vulnerable to an access control bypass issue. This vulnerability allows adjacent network attackers to potentially access local daemons and circumvent port lockdown settings, posing serious risks to network security. It is important for organizations using affected versions to apply security patches and implement protective measures.

Affected Version(s)

BIG-IP VE 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, 14.1.0-14.1.2.3

References

https://support.f5.com/csp/article/K73274382

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2020
Vulnerability Reserved
Jan 6, 2020