Risk | Low |
Patch available | NO |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2020-24497 CVE-2020-24498 CVE-2020-24500 CVE-2020-24501 CVE-2020-24505 |
CWE-ID | CWE-284 CWE-119 CWE-20 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | F5OS (Operating systems & Components / Operating system) |
Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU50700
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24497
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and cause a denial of service (DoS) condition on the target system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
External links
https://support.f5.com/csp/article/K85738358
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50698
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24498
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the firmware. A local administrator can trigger memory corruption and cause a denial of service condition on the target system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
External links
https://support.f5.com/csp/article/K85738358
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50704
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24500
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the firmware. A local administrator can trigger memory corruption and cause a denial of service condition on the target system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
External links
https://support.f5.com/csp/article/K85738358
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50701
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24501
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the firmware. A remote administrator on the local network can trigger memory corruption and cause a denial of service condition on the target system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
External links
https://support.f5.com/csp/article/K85738358
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50703
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24505
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the firmware. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
External links
https://support.f5.com/csp/article/K85738358
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.