CVE-2020-5898

Published: May 12, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.

Affected (6)

Products: F5: Big Ip Access Policy Manager, Big Ip Access Policy Manager Client

2 products

Big Ip Access Policy Manager

Big Ip Access Policy Manager Client

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.6.1 to 11.6.5.1
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.5.1
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.3.3
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.2.5
F5 Big Ip Access Policy Manager	From 15.0.0 to 15.1.0.3
F5 Big Ip Access Policy Manager Client	From 7.1.5 to 7.1.9

References (2)

https://support.f5.com/csp/article/K69154630

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K69154630

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.