SB2021012114 - Intel Ethernet 700 Series controllers vulnerabilities in F5 Networks F5OS

Security Bulletin ID SB2021012114

Severity

Low

Patch available

NO

Number of vulnerabilities 4

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Protection Mechanism Failure (CVE-ID: CVE-2020-8690)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A local administrator can bypass implemented security restrictions, elevate privileges on the system and cause a denial of service (DoS) condition.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-8691)

The vulnerability allows a local administrator to escalate privileges on the system.

The vulnerability exists due to a logic issue in the firmware, which leads to privilege escalation and denial of service (DoS) condition.

3) Improper access control (CVE-ID: CVE-2020-8692)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local administrator can bypass implemented security restrictions, escalate privileges and cause a denial of service (DoS) condition on the target system.

4) Buffer overflow (CVE-ID: CVE-2020-8693)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption, gain elevated privieges and cause a denial of service (DoS) conditon on the target system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.f5.com/csp/article/K28563873