SB2020122814 - Multiple vulnerabilities in F5 BIG-IQ Centralized Management
Published: December 28, 2020
Security Bulletin ID
SB2020122814
Severity
High
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-1126)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper bounds checking. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.
2) Integer overflow (CVE-ID: CVE-2018-1124)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.