CVE-2020-5852
Vulnerability from cvelistv5
Published
2020-01-14 16:07
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K53590702 | Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K53590702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"status": "affected",
"version": "Hotfix-BIGIP-14.1.2.1.0.83.4-ENG"
},
{
"status": "affected",
"version": "Hotfix-BIGIP-12.1.4.1.0.97.6-ENG"
},
{
"status": "affected",
"version": "Hotfix-BIGIP-11.5.4.2.74.291-HF2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T16:07:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K53590702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2020-5852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "Hotfix-BIGIP-14.1.2.1.0.83.4-ENG"
},
{
"version_value": "Hotfix-BIGIP-12.1.4.1.0.97.6-ENG"
},
{
"version_value": "Hotfix-BIGIP-11.5.4.2.74.291-HF2"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K53590702",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K53590702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2020-5852",
"datePublished": "2020-01-14T16:07:01",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-5852\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2020-01-14T17:15:13.520\",\"lastModified\":\"2020-02-05T18:01:29.087\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2\"},{\"lang\":\"es\",\"value\":\"Los patrones de tr\u00e1fico no revelados recibidos pueden causar una interrupci\u00f3n del servicio en el Traffic Management Microkernel (TMM). Esta vulnerabilidad afecta a TMM por medio de un servidor virtual configurado con un perfil FastL4. El procesamiento del tr\u00e1fico es interrumpido mientras TMM se reinicia. Este problema solo impacta a las revisiones de ingenier\u00eda espec\u00edficas. NOTA: Esta vulnerabilidad no afecta a ninguna de las versiones principales, menores o de mantenimiento de BIG-IP que obtuvieron desde downloads.f5.com. Las compilaciones de las Revisiones de Ingenier\u00eda afectadas son las siguientes: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG, Hotfix-BIGIP-12.1.4.1.0.97.6-ENG, Hotfix-BIGIP-11.5.4.2.74.291-HF2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"033576BF-E71E-42AE-A79D-F70CE27065A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C568CA75-D411-4888-9495-97299ED7DE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"670E2BE8-CA43-4161-B006-A975F312A38C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74FD8AD5-3F0B-4018-B729-0832E4037D9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"007C51BA-0548-4533-982A-23DC362E9E40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4C7F8A-63C1-4B02-BEAD-BB75FC5DEF86\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E4DC015-700E-439E-A533-AAE316A9E179\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"974AAC9E-C18E-473E-B786-9EAB24197D0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A02288-2976-4AB3-AF80-365FF3334479\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58EB603E-FC1D-483E-B1DE-E511372DEA8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67A54F20-ED74-44B3-B3CD-5F98E417A817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AF2F66C-3EF4-477B-A280-88E6888CBA12\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3C4ABFA-6D0D-46ED-AA4A-697F1A90A567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D1A5CEC-D51C-4534-847F-B0431B4AFC7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C30BAD-6ACD-465F-92D9-420D6FA7C3FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38449FAF-FE04-4DC3-8BEA-A7C4D3C7FC44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CCCBD02-AB24-404C-877D-C0C30057B021\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9E23A6C-C1F2-412F-9A64-032F985C7CFB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6993E552-C75F-4949-B572-B5F35506767D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2933637-C5C7-459F-BBC4-08A1210541E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21B3D022-2DB8-4C50-A965-05AC67F75B54\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E4285A-9B07-4591-896C-E83281492E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB1E99D-F97C-4F3D-834C-6537E17475A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD1A5FB-157C-4E20-B006-C8F3D766F795\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88026CB0-7E9D-4D89-9541-FD0814F605AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B558D87-5D1D-48CB-BE08-423CA303F3CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BEF1252-BD09-44CF-AC8C-5E4D476735DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F814AAB4-5B33-4FFA-B391-2E94D1B58008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3139E50B-B85A-41EE-8EF0-70E1C470B238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E52C06C1-398B-4B83-8CA9-B387C321E846\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0019A383-8A91-46DB-8E03-2CA3DA21482D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4817B420-5C89-48C4-9CD4-4659D66F3B06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"707A9D6E-08C7-494C-815A-97B4D44DED56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C6E329F-CA1F-46C4-A41C-D52379B8F674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD41A28F-0C99-4C9D-8B73-99D4C9285DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3324D4E6-F2AB-4E4C-9883-8E7BCEC1EC3F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:11.5.4.2.74.291:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60CFBEE-178F-468B-9B8C-55F4F8B64AE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.4.1.0.97.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F27C513D-A6B3-4176-88ED-4488CF748341\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:14.1.2.1.0.83.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E58468A-AD2C-474F-9EFB-F3D56CC88A86\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K53590702\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.