Main Vulnerability Database Vulnerabilities #VU24238

#VU24238 Improper validation of integrity check value in BIG-IP - CVE-2020-5851

Published: January 14, 2020

Vulnerability identifier: #VU24238

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-5851

CWE-ID: CWE-354

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
BIG-IP

Software vendor:
F5 Networks

Description

The vulnerability allows an attacker to hide malicious activity.

The Trusted Platform Module (TPM) on the BIG-IP iSeries platforms (i850, i2000, i4000, i5000, i7000, i10000, i11000, i15000) and the VIPRION B4450 blades fails to function properly and is unable to detect any potential security compromise of the affected systems.

Remediation

This vulnerability affects only the following items: these engineering hotfixes based on BIG-IP 14.1.0.2; BIG-IP iSeries platforms; and VIPRION B4450 blades.

External links

https://support.f5.com/csp/article/K91171450