Main Vulnerability Database Vulnerabilities #VU24238

Improper validation of integrity check value in BIG-IP - CVE-2020-5851

Published: January 14, 2020

Vulnerability identifier: #VU24238

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-5851

CWE-ID: CWE-354

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: F5 Networks

Affected software:
BIG-IP

Detailed vulnerability description

The vulnerability allows an attacker to hide malicious activity.

The Trusted Platform Module (TPM) on the BIG-IP iSeries platforms (i850, i2000, i4000, i5000, i7000, i10000, i11000, i15000) and the VIPRION B4450 blades fails to function properly and is unable to detect any potential security compromise of the affected systems.

How to mitigate CVE-2020-5851

This vulnerability affects only the following items: these engineering hotfixes based on BIG-IP 14.1.0.2; BIG-IP iSeries platforms; and VIPRION B4450 blades.

Sources

https://support.f5.com/csp/article/K91171450

Improper validation of integrity check value in BIG-IP - CVE-2020-5851

Detailed vulnerability description

How to mitigate CVE-2020-5851

Sources

Please verify you're human