Man-in-the-Middle (MitM) attack in F5 BIG-IP products and BIG-IQ Centralized Management



Risk: Medium
Patch available: NO
Number of vulnerabilities: 1
CVE-ID: CVE-2020-5860
CWE-ID: CWE-300
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
BIG-IQ Centralized Management
Server applications / Remote management servers, RDP, SSH

BIG-IP
Hardware solutions / Firmware

BIG-IP LTM
Hardware solutions / Security hardware appliances

BIG-IP AFM
Hardware solutions / Security hardware appliances

BIG-IP Analytics
Hardware solutions / Security hardware appliances

BIG-IP APM
Hardware solutions / Security hardware appliances

BIG-IP ASM
Hardware solutions / Security hardware appliances

BIG-IP FPS
Hardware solutions / Security hardware appliances

BIG-IP GTM
Hardware solutions / Security hardware appliances

BIG-IP PEM
Hardware solutions / Security hardware appliances

BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: F5 Networks

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU26459

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-5860

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists in High Availability (HA) network failover in a Device Service Cluster (DSC) because the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS). A remote attacker can perform a man-in-the-middle attack to access the unencrypted HA network failover traffic.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BIG-IQ Centralized Management: 5.2.0 - 7.0.0

BIG-IP: 11.5.2 - 15.1.0

BIG-IP LTM: 11.5.2 - 15.1.0

BIG-IP AAM: 11.5.2 - 15.1.0

BIG-IP AFM: 11.5.2 - 15.1.0

BIG-IP Analytics: 11.5.2 - 15.1.0

BIG-IP APM: 11.5.2 - 15.1.0

BIG-IP ASM: 11.5.2 - 15.1.0

BIG-IP DNS: 11.5.2 - 15.1.0

BIG-IP FPS: 11.5.2 - 15.1.0

BIG-IP GTM: 11.5.2 - 15.1.0

BIG-IP Link Controller: 11.5.2 - 15.1.0

BIG-IP PEM: 11.5.2 - 15.1.0

External links

https://support.f5.com/csp/article/K67472032


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


