CVE-2020-5938

Published Oct 29, 2020
Last updated 4 years ago
CVSS medium 6.5
Overview

Description: On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.
Source: f5sirt@f5.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-326
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F82C168-C3F0-4E5A-9465-4C9BE57FE888",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C0D3868-7BA0-482C-ADE9-4B4087C07B69",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF3BAF12-9795-4C5A-81A5-EFCEB46630C3",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26EA444C-FA23-40A7-98C7-404DC8E5611F",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08D80A54-B719-4AD4-8861-1D98D26B9736",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18AA373F-C5FE-42A4-AF3C-26F51F124A34",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6AF221D-F7EC-40C9-BC9C-4F7C054C1600",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33BC59FD-6410-4F4D-B6A7-5DA3249A87EE",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E9213C5-1D33-4718-AEEF-F3D174809054",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8088D322-514B-49C3-9041-7FCD6902A0E6",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B11E0D81-E40D-43EB-8315-F11FD78A2485",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87EDF992-832C-4A4D-8766-F3D7135E74CF",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74330249-E08A-4DAB-AB9F-13BE634D74DA",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F258902-6395-40F3-9D53-F2582ED17EEF",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C86000FB-C74C-48E2-A4DE-8326805D5A1E",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9A86305-2292-40FB-A984-9B15F7A079F0",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FE5AD25-A186-4813-9114-6795629E906E",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33F9B68F-5888-4099-BBC6-DD88343AC508",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAC89B6B-885D-4E3B-B477-497B70301255",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB9F95F4-B631-4607-A459-7166E8A3F88B",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFAF23BC-987A-40FB-ABB5-2EB7E473314B",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5415B126-600B-4200-AA87-AFB434BFAE9F",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06DB5080-4612-45CB-9B8D-3BD97A7EC6AF",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85FAFA26-3B92-4CAE-8DD6-0A26B49794A8",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46F2C7CC-928E-418F-9033-AF84835EF588",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9DD232C-0ECA-4E8C-8419-50C6D0C6D3E1",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6B0B7F5-5F35-4D0B-84D9-F0C198632E41",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7A79CD5-DF43-4D88-928B-0145CAD4069D",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E204494-3006-43E1-A468-9B4633295D55",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E6EB084-C77A-4375-BB96-F961E7DBCAA2",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "714EE4A8-ACA0-40A5-B183-34D08591A82B",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92BFAFD4-B4A2-4F64-B928-714170074AEA",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37FEF755-ED1A-4F9C-B19F-3D136A07E1DA",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACC3FDE8-EFD4-4D92-89BD-40A0F6304965",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C90CCF95-1AA4-4FD5-AFC0-60A5BF1BF582",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A88C898D-79BE-430A-994F-61BE8E4D1E2F",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "583BE9A4-928A-4347-994B-2E7F2B2AAD30",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2323F3C-3572-4B02-8C7B-E1A3FCD259D2",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41E9F7D6-21EC-4893-A93C-E0E4661DC2FF",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0371A93-D67F-4CE9-82D7-42CF4B2CBCB6",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E32D6142-3CCE-4F23-B606-9954E3B56D32",
            "versionEndIncluding": "12.1.5.2",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA48ECD9-B3BF-4A69-9521-1A664C70A974",
            "versionEndIncluding": "13.1.3.4",
            "versionStartIncluding": "13.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
