K62830532 : BIG-IP MQTT iRule vulnerability CVE-2020-5935

2020-10-2800:00:00

my.f5.com

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.6%

JSON

Security Advisory Description

When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. (CVE-2020-5935)

Impact

The Traffic Management Microkernel (TMM) may generate a core file and restart, causing a high availability (HA) failover event.

To trigger this issue, an associated iRule must call the following command:

MQTT::topic delete

To exploit this issue, an attacker must determine a vulnerable code-path through the associated iRule, which may require a significant amount of internal BIG-IP configuration knowledge.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3

Rows per page:

1-10 of 2881