CVE-2020-5947

Published Nov 19, 2020
Last updated 4 years ago
CVSS medium 4.3
Overview

Description: In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).
Source: f5sirt@f5.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_virtual_edition:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5231D20F-5BCF-42BE-BA4B-A3705FE372FA"
          },
          {
            "criteria": "cpe:2.3:h:f5:big-ip_2000:c112:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5C9C2CDC-1DBA-414A-BD24-5C80EF341D42"
          },
          {
            "criteria": "cpe:2.3:h:f5:big-ip_4000:c113:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "086D8EA0-55E3-4EA0-A511-A50E75150B1E"
          },
          {
            "criteria": "cpe:2.3:h:f5:big-ip_i2000:c117:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E874EF24-9120-45FD-98B6-FA8414EECFA4"
          },
          {
            "criteria": "cpe:2.3:h:f5:big-ip_i4000:c115:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "431D46C5-4C56-425F-B919-0F3954EEBCD6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AC29EF0-7E85-4BB1-A183-D03FC53868ED",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F3F98DD-C142-4030-AD11-A3129D5FFEA9",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD50CF60-A880-4495-AD3F-9A5C744506AF",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1247022A-F95F-4DF6-87AC-2E6757B01DC3",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "286DABB7-9C44-4050-AB2E-C4B4EAE2EEFD",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7034BE5-23A6-47FA-9D80-3F3CF29DA2B5",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69C1B709-03E8-4371-8EC4-C13BF134B6F6",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F491CF7C-EC9A-4413-9B84-459FE83E0AF5",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "217C0D97-5942-4609-BC5D-0D8D145E2436",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D54A135F-CD1E-41AD-82C3-F15A21AA87BE",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F20E2679-A1C0-4925-9284-DBA57F40C41C",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3B360C4-C9E2-4889-ADD5-3482E69BA8E7",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC2FA5AD-6375-48C4-B602-E3BD464BF9FF",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3448CBCB-D42E-4DAA-A52F-4225B2EB022A",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "363C0C5C-A8EE-4BF9-92E3-506DA88D8CD3",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7466098-C689-4E4B-879F-0433A020FDBC",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DB39FC0-D2B4-4854-B49B-722A67F729E2",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "574397F4-0234-48D3-B024-D7963A41E21C",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BFEB115-A4F3-4FA3-A838-CE91AB6888F1",
            "versionEndIncluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB7047B3-A248-424C-98D8-A0DD99A86F50",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "315AB5D6-FC37-44F5-989F-33FA4EC4654F",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15439AAC-1535-4087-9170-C885716736F4",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AECF3150-98BD-4F39-84D9-584E36B357CB",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F9D19B2-1D89-4917-A82E-289EDE52C68F",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C250F1A-D949-4389-B46B-25B63FBC167D",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0319299-FCCE-4B8F-8DB5-83AF0C3D68D5",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B9426CC-5EE8-4250-82DA-24A6004F1794",
            "versionEndExcluding": "15.1.2",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37DB95DF-DAAE-4E11-9D91-A097A44176DB",
            "versionEndExcluding": "16.0.1",
            "versionStartIncluding": "16.0.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
