Risk | Low |
Patch available | NO |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2020-0523 CVE-2020-0524 CVE-2020-0525 CVE-2020-0522 |
CWE-ID | CWE-284 CWE-276 CWE-665 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
BIG-IP Hardware solutions / Firmware |
Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU50577
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0523
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local privileged user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
BIG-IP: 12.1.0 HF1 - 16.0.1.1.9.6
CPE2.3http://support.f5.com/csp/article/K31445234
http://support.f5.com/csp/article/K83504933
http://support.f5.com/csp/article/K44482551
http://support.f5.com/csp/article/K37283878
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50578
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0524
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to incorrect default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can perform a denial of service attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
BIG-IP: 12.1.0 HF1 - 16.0.1.1.9.6
CPE2.3http://support.f5.com/csp/article/K31445234
http://support.f5.com/csp/article/K83504933
http://support.f5.com/csp/article/K44482551
http://support.f5.com/csp/article/K37283878
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50579
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0525
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
BIG-IP: 12.1.0 HF1 - 16.0.1.1.9.6
CPE2.3http://support.f5.com/csp/article/K31445234
http://support.f5.com/csp/article/K83504933
http://support.f5.com/csp/article/K44482551
http://support.f5.com/csp/article/K37283878
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50576
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0522
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can run a specially crafted application to crash the system.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
BIG-IP: 12.1.0 HF1 - 16.0.1.1.9.6
CPE2.3http://support.f5.com/csp/article/K31445234
http://support.f5.com/csp/article/K83504933
http://support.f5.com/csp/article/K44482551
http://support.f5.com/csp/article/K37283878
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.