On specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. (CVE-2020-5947)
Impact
Attackers may be able to spoof TCP packets to be used by a future connection, resulting in a TCP sequence prediction attack.
This issue affects platforms that do not have hardware-based SYN cookie capabilities. The following BIG-IP platforms do not contain the high speed bus (HSBe2) chip and do not have hardware-based SYN cookie capability, and are therefore vulnerable: