← Back

CVE-2020-5924

nvd nist
Published: Aug 26, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set.

Affected (2)

F5
1 product
Big Ip Access Policy Manager
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
From 11.6.1 to 11.6.5
Big Ip Access Policy Manager
From 12.1.0 to 12.1.5.2

Related CWEs

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

Source: f5sirt@f5.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.