K83504933 : Intel I210 network adapter vulnerability CVE-2020-0524

2021-03-2400:00:00

my.f5.com

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Security Advisory Description

Improper default permissions in the firmware for the Intel® Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2020-0524)

Impact

The BIG-IP management network port uses the Intel 1210 network adapter. This vulnerability affects the BIG-IP management interface, including access to SSH and the Configuration utility. A complete compromise results in the loss of access to the management interface, but you can still access the BIG-IP system through the serial console interface, which is not part of the BIG-IP data path.

The following BIG-IP platforms contain the affected Intel I210 network adapter:

BIG-IP i2xxx
BIG-IP i4xxx
BIG-IP i5xxx
BIG-IP i7xxx
BIG-IP i10xxx
BIG-IP i11xxx

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.0.0
f5 ssl orchestratoreq16.0.1
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.0.0
f5 ssl orchestrator	eq	16.0.1
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3

Rows per page:

1-10 of 2361