K69422435 : BIG-IQ HA vulnerability CVE-2020-5870

2020-04-2300:00:00

my.f5.com

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

JSON

Security Advisory Description

BIG-IQ high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. (CVE-2020-5870)

Impact

An attacker on an adjacent network may be able to establish a connection to the BIG-IQ HA synchronization with no authentication. As a result, the BIG-IQ data may be compromised.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2701