← Back

CVE-2020-5929

nvd nist
Published: Sep 25, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.

Affected (112)

F5
14 products
Big Ip Access Policy Manager
Big Ip Advanced Firewall Manager
Big Ip Advanced Web Application Firewall
Big Ip Analytics
Big Ip Application Acceleration Manager
Big Ip Application Security Manager
Big Ip Ddos Hybrid Defender
Big Ip Domain Name System
Big Ip Fraud Protection Service
Big Ip Global Traffic Manager
Big Ip Link Controller
Big Ip Local Traffic Manager
Big Ip Policy Enforcement Manager
Ssl Orchestrator
Configuration A
112 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
From 11.6.1 to 11.6.2
Big Ip Access Policy Manager
From 12.1.0 to 12.1.2
Big Ip Access Policy Manager
Version 11.6.2
Big Ip Access Policy Manager
Version 12.1.2
Big Ip Access Policy Manager
Version 12.1.2 hotfix1
Big Ip Access Policy Manager
Version 13.0.0
Big Ip Access Policy Manager
Version 13.0.0 hotfix1
Big Ip Access Policy Manager
Version 13.0.0 hotfix2
F5
Big Ip Advanced Firewall Manager
From 11.6.1 to 11.6.2
Big Ip Advanced Firewall Manager
From 12.1.0 to 12.1.2
Big Ip Advanced Firewall Manager
Version 11.6.2
Big Ip Advanced Firewall Manager
Version 12.1.2
Big Ip Advanced Firewall Manager
Version 12.1.2 hotfix1
Big Ip Advanced Firewall Manager
Version 13.0.0
Big Ip Advanced Firewall Manager
Version 13.0.0 hotfix1
Big Ip Advanced Firewall Manager
Version 13.0.0 hotfix2
F5
Big Ip Advanced Web Application Firewall
From 11.6.1 to 11.6.2
Big Ip Advanced Web Application Firewall
From 12.1.0 to 12.1.2
Big Ip Advanced Web Application Firewall
Version 11.6.2
Big Ip Advanced Web Application Firewall
Version 12.1.2
Big Ip Advanced Web Application Firewall
Version 12.1.2 hotfix1
Big Ip Advanced Web Application Firewall
Version 13.0.0
Big Ip Advanced Web Application Firewall
Version 13.0.0 hotfix1
Big Ip Advanced Web Application Firewall
Version 13.0.0 hotfix2
F5
Big Ip Analytics
From 11.6.1 to 11.6.2
Big Ip Analytics
From 12.1.0 to 12.1.2
Big Ip Analytics
Version 11.6.2
Big Ip Analytics
Version 12.1.2
Big Ip Analytics
Version 12.1.2 hotfix1
Big Ip Analytics
Version 13.0.0
Big Ip Analytics
Version 13.0.0 hotfix1
Big Ip Analytics
Version 13.0.0 hotfix2
F5
Big Ip Application Acceleration Manager
From 11.6.1 to 11.6.2
Big Ip Application Acceleration Manager
From 12.1.0 to 12.1.2
Big Ip Application Acceleration Manager
Version 11.6.2
Big Ip Application Acceleration Manager
Version 12.1.2
Big Ip Application Acceleration Manager
Version 12.1.2 hotfix1
Big Ip Application Acceleration Manager
Version 13.0.0
Big Ip Application Acceleration Manager
Version 13.0.0 hotfix1
Big Ip Application Acceleration Manager
Version 13.0.0 hotfix2
F5
Big Ip Application Security Manager
From 11.6.1 to 11.6.2
Big Ip Application Security Manager
From 12.1.0 to 12.1.2
Big Ip Application Security Manager
Version 11.6.2
Big Ip Application Security Manager
Version 12.1.2
Big Ip Application Security Manager
Version 12.1.2 hotfix1
Big Ip Application Security Manager
Version 13.0.0
Big Ip Application Security Manager
Version 13.0.0 hotfix1
Big Ip Application Security Manager
Version 13.0.0 hotfix2
F5
Big Ip Ddos Hybrid Defender
From 11.6.1 to 11.6.2
Big Ip Ddos Hybrid Defender
From 12.1.0 to 12.1.2
Big Ip Ddos Hybrid Defender
Version 11.6.2
Big Ip Ddos Hybrid Defender
Version 12.1.2
Big Ip Ddos Hybrid Defender
Version 12.1.2 hotfix1
Big Ip Ddos Hybrid Defender
Version 13.0.0
Big Ip Ddos Hybrid Defender
Version 13.0.0 hotfix1
Big Ip Ddos Hybrid Defender
Version 13.0.0 hotfix2
F5
Big Ip Domain Name System
From 11.6.1 to 11.6.2
Big Ip Domain Name System
From 12.1.0 to 12.1.2
Big Ip Domain Name System
Version 11.6.2
Big Ip Domain Name System
Version 12.1.2
Big Ip Domain Name System
Version 12.1.2 hotfix1
Big Ip Domain Name System
Version 13.0.0
Big Ip Domain Name System
Version 13.0.0 hotfix1
Big Ip Domain Name System
Version 13.0.0 hotfix2
F5
Big Ip Fraud Protection Service
From 11.6.1 to 11.6.2
Big Ip Fraud Protection Service
From 12.1.0 to 12.1.2
Big Ip Fraud Protection Service
Version 11.6.2
Big Ip Fraud Protection Service
Version 12.1.2
Big Ip Fraud Protection Service
Version 12.1.2 hotfix1
Big Ip Fraud Protection Service
Version 13.0.0
Big Ip Fraud Protection Service
Version 13.0.0 hotfix1
Big Ip Fraud Protection Service
Version 13.0.0 hotfix2
F5
Big Ip Global Traffic Manager
From 11.6.1 to 11.6.2
Big Ip Global Traffic Manager
From 12.1.0 to 12.1.2
Big Ip Global Traffic Manager
Version 11.6.2
Big Ip Global Traffic Manager
Version 12.1.2
Big Ip Global Traffic Manager
Version 12.1.2 hotfix1
Big Ip Global Traffic Manager
Version 13.0.0
Big Ip Global Traffic Manager
Version 13.0.0 hotfix1
Big Ip Global Traffic Manager
Version 13.0.0 hotfix2
F5
Big Ip Link Controller
From 11.6.1 to 11.6.2
Big Ip Link Controller
From 12.1.0 to 12.1.2
Big Ip Link Controller
Version 11.6.2
Big Ip Link Controller
Version 12.1.2
Big Ip Link Controller
Version 12.1.2 hotfix1
Big Ip Link Controller
Version 13.0.0
Big Ip Link Controller
Version 13.0.0 hotfix1
Big Ip Link Controller
Version 13.0.0 hotfix2
F5
Big Ip Local Traffic Manager
From 11.6.1 to 11.6.2
Big Ip Local Traffic Manager
From 12.1.0 to 12.1.2
Big Ip Local Traffic Manager
Version 11.6.2
Big Ip Local Traffic Manager
Version 12.1.2
Big Ip Local Traffic Manager
Version 12.1.2 hotfix1
Big Ip Local Traffic Manager
Version 13.0.0
Big Ip Local Traffic Manager
Version 13.0.0 hotfix1
Big Ip Local Traffic Manager
Version 13.0.0 hotfix2
F5
Big Ip Policy Enforcement Manager
From 11.6.1 to 11.6.2
Big Ip Policy Enforcement Manager
From 12.1.0 to 12.1.2
Big Ip Policy Enforcement Manager
Version 11.6.2
Big Ip Policy Enforcement Manager
Version 12.1.2
Big Ip Policy Enforcement Manager
Version 12.1.2 hotfix1
Big Ip Policy Enforcement Manager
Version 13.0.0
Big Ip Policy Enforcement Manager
Version 13.0.0 hotfix1
Big Ip Policy Enforcement Manager
Version 13.0.0 hotfix2
F5
Ssl Orchestrator
From 11.6.1 to 11.6.2
Ssl Orchestrator
From 12.1.0 to 12.1.2
Ssl Orchestrator
Version 11.6.2
Ssl Orchestrator
Version 12.1.2
Ssl Orchestrator
Version 12.1.2 hotfix1
Ssl Orchestrator
Version 13.0.0
Ssl Orchestrator
Version 13.0.0 hotfix1
Ssl Orchestrator
Version 13.0.0 hotfix2

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (2)

Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.