SB2020033008 - Man-in-the-Middle (MitM) attack in F5 BIG-IP products and BIG-IQ Centralized Management


Published: March 30, 2020

Security Bulletin ID: SB2020033008
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-5860)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists in High Availability (HA) network failover in a Device Service Cluster (DSC): the failover service does not require a strong form of authentication, and HA network failover traffic is not encrypted with Transport Layer Security (TLS). A remote attacker positioned on the network path can perform a man-in-the-middle attack to access the unencrypted HA network failover traffic.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.