K25691186 : BIG-IP Configuration utility vulnerability CVE-2020-27715

2020-12-1700:00:00

my.f5.com

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.6%

JSON

Security Advisory Description

Crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon. (CVE-2020-27715)

Impact

Unable to access the affected BIG-IP system’s Configuration utility.

CPENameOperatorVersion
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3
big-ip afmeq11.6.4
big-ip afmeq11.6.5

Name	Operator	Version
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3
big-ip afm	eq	11.6.4
big-ip afm	eq	11.6.5

Rows per page:

1-10 of 2151