#VU49068 Memory leak in F5 Networks products - CVE-2020-27725

Cybersecurity Help s.r.o.

Published: 2020-12-17

Vulnerability identifier: #VU49068

Vulnerability risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-27725

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP GTM
Hardware solutions / Security hardware applicances

Vendor: F5 Networks

Description
The vulnerability allows a remote user to perform DoS attack on the target system.

The vulnerability exists due memory leak in zxfrd process when listing DNS zones. A remote user with access to TMSH, iControl or SNMP can force the application to leak memory and perform denial of service attack.

This vulnerability affects only BIG-IP systems that are provisioned with BIG-IP DNS or BIG-IP GTM and at least one DNS zone.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

BIG-IP DNS: 11.6.1 - 15.1.0.5

BIG-IP GTM: 11.6.1 HF1 - 15.1.0.5

BIG-IP Link Controller: 11.6.1 HF1 - 15.1.0.5

External links
https://support.f5.com/csp/article/K25595031

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in zxfrd process in F5 BIG-IP