FKIE_CVE-2020-5926
Vulnerability from fkie_nvd - Published: 2020-08-26 16:15 - Updated: 2024-11-21 05:34
Severity ?
Summary
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K42830212 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K42830212 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3829D757-B0FD-42A7-B2A5-95274FF461A2",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9170095-A9BB-4D24-9925-39256D7CE2C6",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE97C4B-EAF8-4454-8912-DFE2BFB3E15E",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F9B579-F0F4-42DB-9F29-734278B3CEE8",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B59E16D-7645-492A-9C1D-A8724FFCA28F",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91FA2E18-1602-402A-87EA-231A8C61CC61",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6BA692-402E-4ACF-9177-D30D21009EE5",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92F370C2-3C5A-416D-83C1-A4F84866E958",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6439340B-3E7E-4895-B261-875D999AA695",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B694BCD8-C5B4-491E-9F2D-2F5038E67A08",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "997D12F1-098D-4C42-A6A2-B4F59AC78F0F",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D54A63E0-A445-4674-B6B8-BEF946B71EFA",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99801F76-09C1-4055-A15E-B4DEC0819033",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C4B56F-D022-4268-9D78-6E4D12AE9215",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2785E847-1627-4DD7-8361-6D3715A7ED5E",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACFC895-36F4-4C75-B218-8B9F0BF7CCE4",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFC0D83-7F64-44F2-A014-37DE3CAF846A",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65F3F502-8DD7-4360-9954-3E6B245478F9",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87DCED41-57D0-4257-A88D-C7D860EBB6B4",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "920BC3DD-A1D4-403B-83D2-00636C20FFC0",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9CA2DAE-5D37-4D5D-8CD9-B20F152C3A46",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA10DD-417C-44AE-97F4-7E34BC262E2B",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49C8BE4A-DED6-451A-B6EE-AC95DD26F85A",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77E2903-63E6-40ED-8BA5-C239A5C4257C",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15696EE-E094-4F58-99D7-7F4C6875841C",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC0E30F-6550-4BC9-8DA7-6BD495DBF415",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4497A7-F6EC-4FBB-A2A6-44D26946A996",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C34BAE9A-74EA-4D55-802E-FD2A402331DD",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D90F4A-FA2A-412F-8591-D1CA6399ECAD",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A04B2EA-9BCA-4756-B867-D728218B78C2",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE9FE91-55BE-4C31-9F39-23E7B8728E7C",
"versionEndExcluding": "14.1.2.7",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD2867D-D646-4B01-A383-6A47B51D059E",
"versionEndExcluding": "15.0.1.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E45D995-6842-4C71-96CD-D7974F125506",
"versionEndExcluding": "15.1.0.5",
"versionStartIncluding": "15.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache."
},
{
"lang": "es",
"value": "En BIG-IP versiones 15.1.0-15.1.0.4, 15.0.0-15.0.1.3 y 14.1.0-14.1.2.6, un servidor virtual BIG-IP con un perfil ALG de Session Initiation Protocol (SIP), analiza mensajes SIP que contienen una carga \u00fatil MIME multiparte con determinadas cadenas de l\u00edmites pueden causar que TMM libere memoria en la cach\u00e9 incorrecta"
}
],
"id": "CVE-2020-5926",
"lastModified": "2024-11-21T05:34:50.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T16:15:12.933",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K42830212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K42830212"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…