K82530456 : BIG-IP Diameter vulnerability CVE-2020-5942

2020-11-0200:00:00

my.f5.com

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.6%

JSON

Security Advisory Description

When processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart. (CVE-2020-5942)

Impact

This vulnerability affects only virtual servers configured with the Diameter Endpoint profile with Gx capability to connect to a PCRF. When attackers exploit the vulnerability, TMM creates a core file and restarts. As a result, the BIG-IP system fails to process traffic and fails over to its high availability (HA) peer, if configured.

CPENameOperatorVersion
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3
big-ip afmeq11.6.4

Name	Operator	Version
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3
big-ip afm	eq	11.6.4

Rows per page:

1-10 of 2231