5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.9%
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports.
This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)
Impact
A remote off-path attacker can determine open User Datagram Protocol (UDP) source ports on a vulnerable system based on Internet Control Message Protocol (ICMP) error messages, making it possible to execute a ‘SAD DNS attack.’
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K09604370.
#
# The text description of this plugin is (C) F5 Networks.
#
include('compat.inc');
if (description)
{
script_id(147905);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id("CVE-2020-25705");
script_xref(name:"CEA-ID", value:"CEA-2020-0138");
script_name(english:"F5 Networks BIG-IP : Linux kernel vulnerability (K09604370)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"A flaw in the way reply ICMP packets are limited in the Linux kernel
functionality was found that allows to quickly scan open UDP ports.
This flaw allows an off-path remote user to effectively bypassing
source port UDP randomization. The highest threat from this
vulnerability is to confidentiality and possibly integrity, because
software that relies on UDP source port randomization are indirectly
affected as well. Kernel versions before 5.10 may be vulnerable to
this issue. (CVE-2020-25705)
Impact
A remote off-path attacker can determine open User Datagram Protocol
(UDP) source ports on a vulnerable system based on Internet Control
Message Protocol (ICMP) error messages, making it possible to execute
a 'SAD DNS attack.'");
script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K09604370");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K09604370.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25705");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/17");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/19");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_domain_name_system");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include('f5_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var version = get_kb_item('Host/BIG-IP/version');
if ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
if ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
if ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
var sol = 'K09604370';
var vmatrix = {
'AFM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'AM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'APM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'ASM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'AVR': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'DNS': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'GTM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'LC': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'LTM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
},
'PEM': {
'affected': [
'13.1.0-13.1.4','12.1.0-12.1.6','11.6.1-11.6.5'
],
'unaffected': [
'14.1.0','13.1.5'
],
}
};
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
var extra = NULL;
if (report_verbosity > 0) extra = bigip_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
}
else
{
var tested = bigip_get_tested_modules();
var audit_extra = 'For BIG-IP module(s) ' + tested + ',';
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, 'running any of the affected modules');
}
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_access_policy_manager | cpe:/a:f5:big-ip_access_policy_manager | |
f5 | big-ip_advanced_firewall_manager | cpe:/a:f5:big-ip_advanced_firewall_manager | |
f5 | big-ip_application_acceleration_manager | cpe:/a:f5:big-ip_application_acceleration_manager | |
f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
f5 | big-ip_domain_name_system | cpe:/a:f5:big-ip_domain_name_system | |
f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
f5 | big-ip_policy_enforcement_manager | cpe:/a:f5:big-ip_policy_enforcement_manager |
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.9%