CVE-2020-5893

Published: Apr 30, 2020Modified: Nov 21, 2024

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

Affected (6)

Products: F5: Big Ip Access Policy Manager, Big Ip Access Policy Manager Client

2 products

Big Ip Access Policy Manager

Big Ip Access Policy Manager Client

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.6.1 to 11.6.5
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.5
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.3
F5 Big Ip Access Policy Manager	From 14.0.0 to 14.1.2
F5 Big Ip Access Policy Manager	From 15.0.0 to 15.1.0
F5 Big Ip Access Policy Manager Client	From 7.1.5 to 7.1.9

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://support.f5.com/csp/article/K97733133

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K97733133

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.