Multiple vulnerabilities in Intel 722 Ethernet Controllers in F5OS
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-24492 CVE-2020-24493 CVE-2020-24494 CVE-2020-24495 CVE-2020-24496 |
| CWE-ID | CWE-284 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
F5OS Operating systems & Components / Operating system |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU50695
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24492
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and cause a denial of service (DoS) condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
CPE2.3 External linkshttp://support.f5.com/csp/article/K91610944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU50696
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24493
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and cause a denial of service (DoS) condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
CPE2.3 External linkshttp://support.f5.com/csp/article/K91610944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU50699
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24494
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and cause a denial of service (DoS) condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
CPE2.3 External linkshttp://support.f5.com/csp/article/K91610944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU50697
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24495
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the firmware. A local administrator can bypass implemented security restrictions and cause a denial of service (DoS) condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
CPE2.3 External linkshttp://support.f5.com/csp/article/K91610944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU50702
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24496
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the firmware. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
F5OS: 1.0.0 - 1.1.0
CPE2.3 External linkshttp://support.f5.com/csp/article/K91610944
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
