Vulnerability in BIG-IP Edge Client for F5 Networks due to HTTP Authentication
CVE-2020-5893

3.7LOW

Key Information:

Vendor: F5
Status: Big-ip Edge Client
Vendor: CVE Published:; 30 April 2020

Summary

In certain versions of the BIG-IP Edge Client, users connecting to a VPN over an unsecure network may inadvertently expose authentication credentials. The client responds to authentication requests using HTTP rather than HTTPS, creating a significant risk of sensitive data interception. This occurs while the client is attempting to detect captive portals, thereby compromising secure communications.

Affected Version(s)

BIG-IP Edge Client 7.1.5-7.1.8

References

https://support.f5.com/csp/article/K97733133

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2020
Vulnerability Reserved
Jan 6, 2020