Crypto Key Vulnerability in F5 BIG-IP and BIG-IQ Products
CVE-2020-5917

5.9MEDIUM

Key Information:

Vendor: F5
Status: Big-ip, Big-iq
Vendor: CVE Published:; 26 August 2020

What is CVE-2020-5917?

The vulnerability arises from the use of OpenSSH servers in F5 BIG-IP and BIG-IQ products that employ cryptographic keys shorter than 2048 bits. These insufficiently robust keys are deemed insecure in the current landscape of cybersecurity threats, making SSH connections susceptible to interception and exploitation by malicious actors. Organizations using affected versions must upgrade to ensure strong cryptographic standards and maintain secure communications.

Affected Version(s)

BIG-IP, BIG-IQ BIG-IP 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, 11.6.1-11.6.5.2

BIG-IP, BIG-IQ BIG-IQ 5.2.0-7.0.0

References

https://support.f5.com/csp/article/K43404629

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2020
Vulnerability Reserved
Jan 6, 2020