ID
VAR-202011-1450
CVE
CVE-2020-5942
TITLE
BIG-IP PEM Vulnerability in
Trust: 0.8
DESCRIPTION
In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart. BIG-IP PEM Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. The following products and versions are affected: BIG-IP 16.0.0, 15.1.0, 14.1.0 to 14.1.2, 13.1.0 to 13.1.3, 12.1.0 to 12.1.5, 11.6.1 to 11.6.5
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lte | version: | 12.1.5.2 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 15.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lte | version: | 13.1.3.4 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 16.0.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 11.6.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lte | version: | 11.6.5.2 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 13.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lt | version: | 16.0.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lt | version: | 15.1.1 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 14.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | gte | version: | 12.1.0 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | lt | version: | 14.1.2.8 | Trust: 1.0 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | eq | version: | 13.1.0-13.1.3.4 | Trust: 0.8 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | eq | version: | 16.0.0-16.0.0.1 | Trust: 0.8 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | eq | version: | 15.1.0-15.1.0.5 | Trust: 0.8 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | eq | version: | 14.1.0-14.1.2.7 | Trust: 0.8 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | eq | version: | 11.6.1-11.6.5.2 | Trust: 0.8 |
| vendor: | f5 | model: | big-ip policy enforcement manager | scope: | eq | version: | 12.1.0-12.1.5.2 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | Lack of information (CWE-noinfo) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
PATCH
| title: | K82530456 | url: | https://support.f5.com/csp/article/K82530456 | Trust: 0.8 |
| title: | F5 BIG-IP Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132696 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-5942 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2020-013142 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202011-165 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2020.3776 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-184067 | Trust: 0.1 |
REFERENCES
| url: | https://support.f5.com/csp/article/k82530456 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-5942 | Trust: 1.4 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.3776/ | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/f5-big-ip-memory-leak-via-diameter-cea-pcrf-33768 | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-184067 |
| db: | JVNDB | id: | JVNDB-2020-013142 |
| db: | CNNVD | id: | CNNVD-202011-165 |
| db: | NVD | id: | CVE-2020-5942 |
LAST UPDATE DATE
2024-11-23T22:54:58.151000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-184067 | date: | 2020-11-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-013142 | date: | 2021-06-21T05:15:00 |
| db: | CNNVD | id: | CNNVD-202011-165 | date: | 2020-11-24T00:00:00 |
| db: | NVD | id: | CVE-2020-5942 | date: | 2024-11-21T05:34:52.443 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-184067 | date: | 2020-11-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-013142 | date: | 2021-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202011-165 | date: | 2020-11-03T00:00:00 |
| db: | NVD | id: | CVE-2020-5942 | date: | 2020-11-05T20:15:17.677 |