CVE-2020-27718

Published: Dic 24, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-20222 Aliases: GSD-2020-27718
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0065
Percentile
0,7th
Updated

EPSS Score Trend (Last 91 Days)

Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.5 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.5 (inclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 13.1.0 (inclusive)
To 13.1.3.5 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 14.1.0 (inclusive)
To 14.1.3.1 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.1 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 13.1.0 (inclusive)
To 13.1.3.5 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 11.6.1 (inclusive)
To 11.6.5 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 14.1.0 (inclusive)
To 14.1.3.1 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 11.6.1 (inclusive)
To 11.6.5 (inclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.1 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.f5.com/csp/article/K58102101
Vendor Advisory
https://support.f5.com/csp/article/K58102101
https://support.f5.com/csp/article/K58102101
Vendor Advisory
https://support.f5.com/csp/article/K58102101