Lucene search

[email protected]CVE-2020-5929

HistorySep 25, 2020 - 2:15 p.m.

CVE-2020-5929

2020-09-2514:15:13

CWE-203

[email protected]

web.nvd.nist.gov

cve-2020-5929

ssl vulnerability

tls vulnerability

big-ip

cavium nitrox

handshake vulnerability

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange11.6.1–11.6.2

f5big-ip_access_policy_managerRange12.1.0–12.1.2

f5big-ip_access_policy_managerMatch11.6.2-

f5big-ip_access_policy_managerMatch12.1.2-

f5big-ip_access_policy_managerMatch12.1.2hotfix1

f5big-ip_access_policy_managerMatch13.0.0-

f5big-ip_access_policy_managerMatch13.0.0hotfix1

f5big-ip_access_policy_managerMatch13.0.0hotfix2

f5big-ip_advanced_firewall_managerRange11.6.1–11.6.2

f5big-ip_advanced_firewall_managerRange12.1.0–12.1.2

f5big-ip_advanced_firewall_managerMatch11.6.2-

f5big-ip_advanced_firewall_managerMatch12.1.2-

f5big-ip_advanced_firewall_managerMatch12.1.2hotfix1

f5big-ip_advanced_firewall_managerMatch13.0.0-

f5big-ip_advanced_firewall_managerMatch13.0.0hotfix1

f5big-ip_advanced_firewall_managerMatch13.0.0hotfix2

f5big-ip_advanced_web_application_firewallRange11.6.1–11.6.2

f5big-ip_advanced_web_application_firewallRange12.1.0–12.1.2

f5big-ip_advanced_web_application_firewallMatch11.6.2-

f5big-ip_advanced_web_application_firewallMatch12.1.2-

f5big-ip_advanced_web_application_firewallMatch12.1.2hotfix1

f5big-ip_advanced_web_application_firewallMatch13.0.0-

f5big-ip_advanced_web_application_firewallMatch13.0.0hotfix1

f5big-ip_advanced_web_application_firewallMatch13.0.0hotfix2

f5big-ip_analyticsRange11.6.1–11.6.2

f5big-ip_analyticsRange12.1.0–12.1.2

f5big-ip_analyticsMatch11.6.2-

f5big-ip_analyticsMatch12.1.2-

f5big-ip_analyticsMatch12.1.2hotfix1

f5big-ip_analyticsMatch13.0.0-

f5big-ip_analyticsMatch13.0.0hotfix1

f5big-ip_analyticsMatch13.0.0hotfix2

f5big-ip_application_acceleration_managerRange11.6.1–11.6.2

f5big-ip_application_acceleration_managerRange12.1.0–12.1.2

f5big-ip_application_acceleration_managerMatch11.6.2-

f5big-ip_application_acceleration_managerMatch12.1.2-

f5big-ip_application_acceleration_managerMatch12.1.2hotfix1

f5big-ip_application_acceleration_managerMatch13.0.0-

f5big-ip_application_acceleration_managerMatch13.0.0hotfix1

f5big-ip_application_acceleration_managerMatch13.0.0hotfix2

f5big-ip_application_security_managerRange11.6.1–11.6.2

f5big-ip_application_security_managerRange12.1.0–12.1.2

f5big-ip_application_security_managerMatch11.6.2-

f5big-ip_application_security_managerMatch12.1.2-

f5big-ip_application_security_managerMatch12.1.2hotfix1

f5big-ip_application_security_managerMatch13.0.0-

f5big-ip_application_security_managerMatch13.0.0hotfix1

f5big-ip_application_security_managerMatch13.0.0hotfix2

f5big-ip_ddos_hybrid_defenderRange11.6.1–11.6.2

f5big-ip_ddos_hybrid_defenderRange12.1.0–12.1.2

f5big-ip_ddos_hybrid_defenderMatch11.6.2-

f5big-ip_ddos_hybrid_defenderMatch12.1.2-

f5big-ip_ddos_hybrid_defenderMatch12.1.2hotfix1

f5big-ip_ddos_hybrid_defenderMatch13.0.0-

f5big-ip_ddos_hybrid_defenderMatch13.0.0hotfix1

f5big-ip_ddos_hybrid_defenderMatch13.0.0hotfix2

f5big-ip_domain_name_systemRange11.6.1–11.6.2

f5big-ip_domain_name_systemRange12.1.0–12.1.2

f5big-ip_domain_name_systemMatch11.6.2-

f5big-ip_domain_name_systemMatch12.1.2-

f5big-ip_domain_name_systemMatch12.1.2hotfix1

f5big-ip_domain_name_systemMatch13.0.0-

f5big-ip_domain_name_systemMatch13.0.0hotfix1

f5big-ip_domain_name_systemMatch13.0.0hotfix2

f5big-ip_fraud_protection_serviceRange11.6.1–11.6.2

f5big-ip_fraud_protection_serviceRange12.1.0–12.1.2

f5big-ip_fraud_protection_serviceMatch11.6.2-

f5big-ip_fraud_protection_serviceMatch12.1.2-

f5big-ip_fraud_protection_serviceMatch12.1.2hotfix1

f5big-ip_fraud_protection_serviceMatch13.0.0-

f5big-ip_fraud_protection_serviceMatch13.0.0hotfix1

f5big-ip_fraud_protection_serviceMatch13.0.0hotfix2

f5big-ip_global_traffic_managerRange11.6.1–11.6.2

f5big-ip_global_traffic_managerRange12.1.0–12.1.2

f5big-ip_global_traffic_managerMatch11.6.2-

f5big-ip_global_traffic_managerMatch12.1.2-

f5big-ip_global_traffic_managerMatch12.1.2hotfix1

f5big-ip_global_traffic_managerMatch13.0.0-

f5big-ip_global_traffic_managerMatch13.0.0hotfix1

f5big-ip_global_traffic_managerMatch13.0.0hotfix2

f5big-ip_link_controllerRange11.6.1–11.6.2

f5big-ip_link_controllerRange12.1.0–12.1.2

f5big-ip_link_controllerMatch11.6.2-

f5big-ip_link_controllerMatch12.1.2-

f5big-ip_link_controllerMatch12.1.2hotfix1

f5big-ip_link_controllerMatch13.0.0-

f5big-ip_link_controllerMatch13.0.0hotfix1

f5big-ip_link_controllerMatch13.0.0hotfix2

f5big-ip_local_traffic_managerRange11.6.1–11.6.2

f5big-ip_local_traffic_managerRange12.1.0–12.1.2

f5big-ip_local_traffic_managerMatch11.6.2-

f5big-ip_local_traffic_managerMatch12.1.2-

f5big-ip_local_traffic_managerMatch12.1.2hotfix1

f5big-ip_local_traffic_managerMatch13.0.0-

f5big-ip_local_traffic_managerMatch13.0.0hotfix1

f5big-ip_local_traffic_managerMatch13.0.0hotfix2

f5big-ip_policy_enforcement_managerRange11.6.1–11.6.2

f5big-ip_policy_enforcement_managerRange12.1.0–12.1.2

f5big-ip_policy_enforcement_managerMatch11.6.2-

f5big-ip_policy_enforcement_managerMatch12.1.2-

f5big-ip_policy_enforcement_managerMatch12.1.2hotfix1

f5big-ip_policy_enforcement_managerMatch13.0.0-

f5big-ip_policy_enforcement_managerMatch13.0.0hotfix1

f5big-ip_policy_enforcement_managerMatch13.0.0hotfix2

f5ssl_orchestratorRange11.6.1–11.6.2

f5ssl_orchestratorRange12.1.0–12.1.2

f5ssl_orchestratorMatch11.6.2-

f5ssl_orchestratorMatch12.1.2-

f5ssl_orchestratorMatch12.1.2hotfix1

f5ssl_orchestratorMatch13.0.0-

f5ssl_orchestratorMatch13.0.0hotfix1

f5ssl_orchestratorMatch13.0.0hotfix2

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt11.6.2
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt12.1.2
f5:big-ip_access_policy_managerf5 big-ip access policy managereq13.0.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerlt11.6.2
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerlt12.1.2
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq13.0.0
f5:big-ip_advanced_web_application_firewallf5 big-ip advanced web application firewalllt11.6.2
f5:big-ip_advanced_web_application_firewallf5 big-ip advanced web application firewalllt12.1.2
f5:big-ip_advanced_web_application_firewallf5 big-ip advanced web application firewalleq13.0.0
f5:big-ip_analyticsf5 big-ip analyticslt11.6.2

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	11.6.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	12.1.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	13.0.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	lt	11.6.2
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	lt	12.1.2
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	13.0.0
f5:big-ip_advanced_web_application_firewall	f5 big-ip advanced web application firewall	lt	11.6.2
f5:big-ip_advanced_web_application_firewall	f5 big-ip advanced web application firewall	lt	12.1.2
f5:big-ip_advanced_web_application_firewall	f5 big-ip advanced web application firewall	eq	13.0.0
f5:big-ip_analytics	f5 big-ip analytics	lt	11.6.2

Rows per page:

1-10 of 421

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, 11.6.1-11.6.2"
      }
    ]
  }
]