SB2020042408 - Multiple vulnerabilities in F5 BIG-IQ Centralized Management

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020042408

SB2020042408 - Multiple vulnerabilities in F5 BIG-IQ Centralized Management

Published: April 24, 2020

Security Bulletin ID SB2020042408
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Certificate Validation (CVE-ID: CVE-2020-5869)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to the IG-IQ high availability (HA) synchronization is not secure by TLS. A remote attacker can perform a MitM attack and read or modify confidential data in transit.


2) Improper Authentication (CVE-ID: CVE-2020-5870)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the BIG-IQ high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. A remote attacker on the local network can establish a connection to the BIG-IQ HA synchronization and compromise data.


Remediation

Install update from vendor's website.

References