Multiple vulnerabilities in F5 BIG-IQ Centralized Management
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-5869 CVE-2020-5870 |
| CWE-ID | CWE-295 CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
BIG-IQ Centralized Management Server applications / Remote management servers, RDP, SSH |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Certificate Validation
EUVDB-ID: #VU27304
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-5869
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists due to the IG-IQ high availability (HA) synchronization is not secure by TLS. A remote attacker can perform a MitM attack and read or modify confidential data in transit.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBIG-IQ Centralized Management: 5.2.0 - 7.0.0
CPE2.3- cpe:2.3:a:f5_networks:big-iq:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-iq:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-iq:5.4.0:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K28855111
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU27305
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-5870
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the BIG-IQ high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. A remote attacker on the local network can establish a connection to the BIG-IQ HA synchronization and compromise data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBIG-IQ Centralized Management: 5.2.0 - 7.0.0
CPE2.3- cpe:2.3:a:f5_networks:big-iq:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-iq:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-iq:5.4.0:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K69422435
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
