CVE-2020-5929
Vulnerability from cvelistv5
Published
2020-09-25 13:22
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K91158923 | Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K91158923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, 11.6.1-11.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "TLS Oracle",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T13:22:47",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K91158923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2020-5929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, 11.6.1-11.6.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TLS Oracle"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K91158923",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K91158923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2020-5929",
"datePublished": "2020-09-25T13:22:47",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:47:40.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-5929\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2020-09-25T14:15:13.970\",\"lastModified\":\"2021-07-21T11:39:23.747\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.\"},{\"lang\":\"es\",\"value\":\"En las versiones 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1 y 11.6.1-11.6.2, las plataformas BIG-IP con tarjetas de aceleraci\u00f3n de hardware Cavium Nitrox SSL, un Servidor Virtual configurado con un perfil SSL de Cliente, y el uso de intercambio de Claves Diffie-Hellman de Anonymous (ADH) o Ephemeral (DHE) y la opci\u00f3n de uso Single DH no habilitada en la lista de opciones puede ser vulnerable a protocolos de enlace SSL/TLS dise\u00f1ados que pueden resultar con un PMS (Pre-Master Secret) que comienza en un byte 0 y puede conllevar a la recuperaci\u00f3n de mensajes de texto plano, ya que BIG-IP TLS/SSL ADH/DHE env\u00eda diferentes mensajes de error que act\u00faan como un or\u00e1culo.\u0026#xa0;Los mensajes de error similares cuando PMS comienza con 0 bytes junto con una observaci\u00f3n de medici\u00f3n de tiempo muy precisa tambi\u00e9n pueden exponer esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.6},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"70FF147E-70DD-4FE1-9778-D9A190653B32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"A9037A34-60F5-4A75-9B1E-63992472668B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF594CCA-2FE4-4233-B5E8-E24FDA0631FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0800BF9-76E5-4D1A-A4E1-B9827C2ABB74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EACB885-3BB2-4291-BC79-57CA189F03CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC8423E-1AD9-4EAC-8233-C580001DFBEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE0F37-E908-4102-B504-9E56322C28BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"22910FCA-BE87-4F61-A1C4-C13D8E54795C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"F112F302-F738-434B-BFD1-848AC0345F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"AB5C57D2-23E7-442A-9CF7-40996E07EFE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E40B55-CBAF-45D7-85A7-2645EE79074D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8037A0-63AA-48DD-AF9B-0DE6372A82A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A90C209-002D-4629-9BF7-1A0E1CD63164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E31B7D5-CD57-40DE-A4DA-CEA4ED72A72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5865312-86A6-4BF1-906F-14821A825F26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9265E7A-ADEE-4A3D-9D93-5B023B1BC7B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"042D3A19-2F4D-45D4-97A4-C1EC6352F389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"8A473F59-33D8-4496-AE7E-8804C6CEA79D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6155F5C7-08ED-4E89-9981-1C6892C7B950\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FA3C044-3E22-4913-AD5F-C16D8E69064A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC828D69-7ADF-4F91-8AAA-573F8E755BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D79EEB5-1D2B-406F-80F4-411B8D1082E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"21ED963D-F796-48B7-B8B9-16AF04121DAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E475B23E-4828-4D9A-8C8C-98735A08C7DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"6CCB33B3-1035-4F6D-AF86-2BFF75B3E5AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"77C1AAC1-9404-415A-BE58-0E8E4FBEEB3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"561E3C54-4B3A-45DD-A72F-A080343257D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"41E9AFDB-185C-40F8-B538-B11C157CACA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"91598B5F-2FB1-4FE3-8736-14A5F20FEFAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"37DBEC42-49E4-41FF-A5CF-B2C1769BD7A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA170BC1-505E-49FE-AD37-B5FAC70C9ECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EA52E3C-349A-4A6F-8167-40343BCF60EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"281403D0-773D-4F37-83EE-F62EF96B3B72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"EE23E4A6-B8B4-4738-9C4F-8F037EAE1F02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC152A60-A74C-462A-88BA-28EC5922BFF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"306D8178-9362-4E83-8CBC-7FE594875418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB950A9D-3444-45EA-BDEE-DC0814FFC820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FD91B30-E127-49B7-BFC0-20F5AFA04156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B8A00CA-1577-4674-AAF7-335D3846CED4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5937EE-EA57-4918-A5B8-FD8C05D7D39C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"F5236265-D881-42BA-9064-F25EFE81C126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"1B79C6D1-3FE4-400B-B2E9-8247D73A74A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D7F8FE6-7124-4CC1-BBD7-DDD9DB329877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CE86895-3244-4B6D-BEBA-BF74468F5BC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"110D8D98-9715-42DD-A967-0728A9D3C422\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E9F83DD-1DC7-450B-82F6-5ACEE37FF701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"26D3BEF3-E29F-402F-B1ED-B7B74BA2E196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E4231B1-DA7E-4D80-B3E6-401CDA1E24F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"6D713731-3970-4A12-86FE-B8D566FE47FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"1BFC319D-3B14-4D84-98E2-5ACFDA0D5857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"660DC6C0-93E8-458A-A36F-990178A085BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"89D16C83-F321-4E5A-B0BB-7458AE3093EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"380EA379-85B3-496E-8267-9267713FF9C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D137802-A48A-4199-825A-CE32BE8046CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9561C89-6109-450D-B8FB-C8FDC52EDF40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A93822CD-4242-4C37-8F7D-B89F02711D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"82654D85-8BE0-43CF-B117-3F13A4B776DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"C5AA87AA-CD1A-4E72-ACC4-3DA37F1BB6DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E25445A5-B5D8-4321-8CEF-4C48875A0864\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E6DD4A4-4496-4CE7-8A7D-420ABAF9B5D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"80914B19-88A2-4B91-915C-AB2E88F8BA68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"140C82AC-5146-453A-8F54-80DEBC3E47C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8C3C7E6-9A71-4100-AF8F-E258ACA87DC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F364FFC1-129E-4044-AA1D-7616A9DA9742\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"EABB97D1-1B3F-495C-AA84-BEF5F9B49737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"B6C0CF36-056F-40B2-A37D-5FBAC1474C91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3EAFEA9-B710-476A-9274-ABA1D0530FB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C43AC9-9572-46C5-87A9-A0482B166949\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"05CE7A90-A4D7-4DC8-9E40-A00E8A73383D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5392AD7-A914-4E49-A427-24A1C025CE13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B3B7585-DBD6-4B7E-A531-5AF06CA9A26C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3928B719-73A2-4F4F-B99E-3B20E73A56BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"71DF7CA5-58AC-4A5A-BE8B-E4980954F574\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"2B19D361-EC13-404E-BEB3-2FE57F08D21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6D1B1F-9243-47B8-8524-5FA0DB2BD25E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B135D9F2-BC26-4B4C-9311-8E5462C0D990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"98DDA9FF-BFCA-46B1-B54B-E66DF37EA3D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"46168539-16F5-4D68-8C60-231DC7304DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B2C13FC-4A5A-487D-93DC-51C350461326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEDABC39-977F-4D10-9CD7-BC28C9AFEE15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"DFB7A1F6-2E72-4FCD-938A-0C52615770A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"E4C0EC8B-AB4D-4457-8781-9F80B0DDD5AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE591064-DF44-4838-A9AA-CB33EBFD0ADB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5492BACB-7266-42C7-9CCB-8274CE283F37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B56659EF-E0D2-4274-9E77-E3B584CF8985\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC093A4-BA4F-40EF-8279-5D93EF131B80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE3FF6AC-7BF4-42B9-976E-F326F01F8BB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C4AF4BD-FDD2-42B4-BA95-4D5A4A45E243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"AD3A9176-70E0-4E5B-B93E-76E6B436ECF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"534284B2-1FC8-4769-98DB-83D0A03F0FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"774ECB69-5F65-4B81-9FAE-474C4181B211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDCB0E8-94D5-4B20-B4CC-A49A086FDD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2F4D185-AE08-47BF-B480-BFBEE290FD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9FD757D-7C65-44E3-B995-186D4670021F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB319ED0-52D3-4FB6-86DD-727A1601CAD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CC7B3C-B657-4996-9B84-148624669C8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"42E60917-B217-41C4-9455-BC8B67FB1218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"DE16F299-6B74-4317-A0B4-451FD090BF53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"544CAF10-0F4D-4DCF-99A4-16BF26DB8294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5C9A263-245B-4F94-B6FE-46C6C9DE33A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"55A5BD6E-CC23-4DFA-BE89-1B7164CA003A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8145A49C-E53C-448E-AAEF-3AFE870F833A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B517CAC-2BAD-4CD0-9157-57349E0365D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"30386BAE-5D66-4447-A432-774EEF99B185\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"7830DB26-7308-4FBD-A81F-69419EB88871\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"E1BA9423-4C0D-4932-9802-51DCDC91F0A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:11.6.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"42625AC5-88A6-4721-A5EC-31B0EAF5E96C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:12.1.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"76A3DDE3-905D-4A31-A7A9-3E747D2326CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:12.1.2:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B3C08CC-F5B4-453F-B0BA-48930614C1E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:13.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E7E08B3-6B94-4B91-8689-61762267B648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:13.0.0:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"69BFCE0C-D4C9-4C0E-8EEA-FA1BAEF73320\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:13.0.0:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CEE3D81-4668-4ED1-AF87-96ECE7C7A0BE\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K91158923\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.