K32121038 : BIG-IP mcpd vulnerability CVE-2020-5876

2020-04-3000:00:00

my.f5.com

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Security Advisory Description

A race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up. (CVE-2020-5876)

Impact

The race condition gives a small window of opportunity for an attacker to takeover the connection and spoof a trusted peer device to extract and/or modify sensitive information on the system. This vulnerability is only present when the BIG-IP system is configured as part of a ConfigSync high availability (HA) device group.

CPENameOperatorVersion
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2

Name	Operator	Version
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2

Rows per page:

1-10 of 2091