Information disclosure in Linux kernel if F5 BIG-IP products
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Use of insufficiently random values
EUVDB-ID: #VU49150
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-25705
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
MitigationInstall update from vendor's website.
Vulnerable software versionsBIG-IP APM: 11.6.1 - 13.1.3.5
BIG-IP SSLO: 11.6.1 - 13.1.3.5
BIG-IP DDHD: 11.6.1 - 13.1.3.5
BIG-IP Advanced WAF: 11.6.1 - 13.1.3.5
BIG-IP PEM: 11.6.1 - 13.1.3.5
BIG-IP Link Controller: 11.6.1 - 13.1.3.5
BIG-IP GTM: 11.6.1 - 13.1.3.5
BIG-IP FPS: 11.6.1 - 13.1.3.5
BIG-IP DNS: 11.6.1 - 13.1.3.5
BIG-IP ASM: 11.6.1 - 13.1.3.5
BIG-IP Analytics: 11.6.1 - 13.1.3.5
BIG-IP AFM: 11.6.1 - 13.1.3.5
BIG-IP AAM: 11.6.1 - 13.1.3.5
BIG-IP LTM: 11.6.1 - 13.1.3.5
BIG-IP: 11.6.1 - 13.1.3.5
BIG-IQ Centralized Management: 5.4.0 - 7.1.0
External linkshttp://support.f5.com/csp/article/K09604370
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
