CVE-2020-5947

Published: Nov 19, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-27101 Aliases: GSD-2020-5947
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
MEDIUM 4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0019
Percentile
0,4th
Updated

EPSS Score Trend (Last 90 Days)

Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Fraud Protection Service by F5

Product Information
Vendor F5
Product Big-Ip Fraud Protection Service
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Ddos Hybrid Defender by F5

Product Information
Vendor F5
Product Big-Ip Ddos Hybrid Defender
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Domain Name System by F5

Product Information
Vendor F5
Product Big-Ip Domain Name System
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Ssl Orchestrator by F5

Product Information
Vendor F5
Product Ssl Orchestrator
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Ssl Orchestrator by F5

Product Information
Vendor F5
Product Ssl Orchestrator
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Fraud Protection Service by F5

Product Information
Vendor F5
Product Big-Ip Fraud Protection Service
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Global Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Global Traffic Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Domain Name System by F5

Product Information
Vendor F5
Product Big-Ip Domain Name System
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Ddos Hybrid Defender by F5

Product Information
Vendor F5
Product Big-Ip Ddos Hybrid Defender
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Global Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Global Traffic Manager
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 15.0.0 (inclusive)
To 15.1.2 (exclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Web Application Firewall by F5

Product Information
Vendor F5
Product Big-Ip Advanced Web Application Firewall
Version Range Affected
From 16.0.0 (inclusive)
To 16.0.1 (exclusive)
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.f5.com/csp/article/K64571774
Vendor Advisory
https://support.f5.com/csp/article/K64571774
https://support.f5.com/csp/article/K64571774
Vendor Advisory
https://support.f5.com/csp/article/K64571774