CVE-2020-5947
CVSS base score: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD
Description
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).
Affected (28)
Products: F5: BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, SSL Orchestrator
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |
| From 15.0.0 to 15.1.2 | |

| Running on/with | Platform Versions |
|---|---|
| F5 BIG-IP 2000 | Version C112 |
| F5 BIG-IP 4000 | Version C113 |
| F5 BIG-IP i2000 | Version C117 |
| F5 BIG-IP i4000 | Version C115 |
| F5 BIG-IP Virtual Edition | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory