CVE-2020-5892

Published: Apr 30, 2020Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.

Affected (11)

Products: F5: Big Ip Access Policy Manager, Big Ip Access Policy Manager Client, Big Ip Edge Gateway

3 products

Big Ip Access Policy Manager

Big Ip Access Policy Manager Client

Big Ip Edge Gateway

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.6.1 to 11.6.5
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.5
F5 Big Ip Access Policy Manager	From 13.0.0 to 13.1.3
F5 Big Ip Access Policy Manager	From 14.0.0 to 14.1.2
F5 Big Ip Access Policy Manager	From 15.0.0 to 15.1.0
F5 Big Ip Access Policy Manager Client	From 7.1.5 to 7.1.8
F5 Big Ip Edge Gateway	From 11.6.1 to 11.6.5
F5 Big Ip Edge Gateway	From 12.1.0 to 12.1.5
F5 Big Ip Edge Gateway	From 13.0.0 to 13.1.3
F5 Big Ip Edge Gateway	From 14.0.0 to 14.1.2
F5 Big Ip Edge Gateway	From 15.0.0 to 15.1.0

References (2)

https://support.f5.com/csp/article/K15838353

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K15838353

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.