CVE-2020-5947

4.3MEDIUM

Key Information:

Vendor: F5
Status: Big-ip 2000 Series (c112), Big-ip 4000 Series (c113), Big-ip I2000 Series (c117), Big-ip I4000 Series (c115), Big-ip Virtual Edition (ve)
Vendor: CVE Published:; 19 November 2020

Summary

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).

Affected Version(s)

BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE) 16.0.0-16.0.0.1

BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE) 15.1.0-15.1.1

References

https://support.f5.com/csp/article/K64571774

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2020
Vulnerability Reserved
Jan 6, 2020