Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-5929
HistorySep 25, 2020 - 2:15 p.m.

CVE-2020-5929

2020-09-2514:15:13
CWE-203
[email protected]
web.nvd.nist.gov
9
cve-2020-5929
ssl/tls handshake
big-ip platforms
vulnerability
cavium nitrox
diffie-hellman
pre-master secret

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.8%

JSON

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.

Affected configurations

Nvd
Node
f5big-ip_access_policy_managerRange11.6.111.6.2
OR
f5big-ip_access_policy_managerRange12.1.012.1.2
OR
f5big-ip_access_policy_managerMatch11.6.2-
OR
f5big-ip_access_policy_managerMatch12.1.2-
OR
f5big-ip_access_policy_managerMatch12.1.2hotfix1
OR
f5big-ip_access_policy_managerMatch13.0.0-
OR
f5big-ip_access_policy_managerMatch13.0.0hotfix1
OR
f5big-ip_access_policy_managerMatch13.0.0hotfix2
OR
f5big-ip_advanced_firewall_managerRange11.6.111.6.2
OR
f5big-ip_advanced_firewall_managerRange12.1.012.1.2
OR
f5big-ip_advanced_firewall_managerMatch11.6.2-
OR
f5big-ip_advanced_firewall_managerMatch12.1.2-
OR
f5big-ip_advanced_firewall_managerMatch12.1.2hotfix1
OR
f5big-ip_advanced_firewall_managerMatch13.0.0-
OR
f5big-ip_advanced_firewall_managerMatch13.0.0hotfix1
OR
f5big-ip_advanced_firewall_managerMatch13.0.0hotfix2
OR
f5big-ip_advanced_web_application_firewallRange11.6.111.6.2
OR
f5big-ip_advanced_web_application_firewallRange12.1.012.1.2
OR
f5big-ip_advanced_web_application_firewallMatch11.6.2-
OR
f5big-ip_advanced_web_application_firewallMatch12.1.2-
OR
f5big-ip_advanced_web_application_firewallMatch12.1.2hotfix1
OR
f5big-ip_advanced_web_application_firewallMatch13.0.0-
OR
f5big-ip_advanced_web_application_firewallMatch13.0.0hotfix1
OR
f5big-ip_advanced_web_application_firewallMatch13.0.0hotfix2
OR
f5big-ip_analyticsRange11.6.111.6.2
OR
f5big-ip_analyticsRange12.1.012.1.2
OR
f5big-ip_analyticsMatch11.6.2-
OR
f5big-ip_analyticsMatch12.1.2-
OR
f5big-ip_analyticsMatch12.1.2hotfix1
OR
f5big-ip_analyticsMatch13.0.0-
OR
f5big-ip_analyticsMatch13.0.0hotfix1
OR
f5big-ip_analyticsMatch13.0.0hotfix2
OR
f5big-ip_application_acceleration_managerRange11.6.111.6.2
OR
f5big-ip_application_acceleration_managerRange12.1.012.1.2
OR
f5big-ip_application_acceleration_managerMatch11.6.2-
OR
f5big-ip_application_acceleration_managerMatch12.1.2-
OR
f5big-ip_application_acceleration_managerMatch12.1.2hotfix1
OR
f5big-ip_application_acceleration_managerMatch13.0.0-
OR
f5big-ip_application_acceleration_managerMatch13.0.0hotfix1
OR
f5big-ip_application_acceleration_managerMatch13.0.0hotfix2
OR
f5big-ip_application_security_managerRange11.6.111.6.2
OR
f5big-ip_application_security_managerRange12.1.012.1.2
OR
f5big-ip_application_security_managerMatch11.6.2-
OR
f5big-ip_application_security_managerMatch12.1.2-
OR
f5big-ip_application_security_managerMatch12.1.2hotfix1
OR
f5big-ip_application_security_managerMatch13.0.0-
OR
f5big-ip_application_security_managerMatch13.0.0hotfix1
OR
f5big-ip_application_security_managerMatch13.0.0hotfix2
OR
f5big-ip_ddos_hybrid_defenderRange11.6.111.6.2
OR
f5big-ip_ddos_hybrid_defenderRange12.1.012.1.2
OR
f5big-ip_ddos_hybrid_defenderMatch11.6.2-
OR
f5big-ip_ddos_hybrid_defenderMatch12.1.2-
OR
f5big-ip_ddos_hybrid_defenderMatch12.1.2hotfix1
OR
f5big-ip_ddos_hybrid_defenderMatch13.0.0-
OR
f5big-ip_ddos_hybrid_defenderMatch13.0.0hotfix1
OR
f5big-ip_ddos_hybrid_defenderMatch13.0.0hotfix2
OR
f5big-ip_domain_name_systemRange11.6.111.6.2
OR
f5big-ip_domain_name_systemRange12.1.012.1.2
OR
f5big-ip_domain_name_systemMatch11.6.2-
OR
f5big-ip_domain_name_systemMatch12.1.2-
OR
f5big-ip_domain_name_systemMatch12.1.2hotfix1
OR
f5big-ip_domain_name_systemMatch13.0.0-
OR
f5big-ip_domain_name_systemMatch13.0.0hotfix1
OR
f5big-ip_domain_name_systemMatch13.0.0hotfix2
OR
f5big-ip_fraud_protection_serviceRange11.6.111.6.2
OR
f5big-ip_fraud_protection_serviceRange12.1.012.1.2
OR
f5big-ip_fraud_protection_serviceMatch11.6.2-
OR
f5big-ip_fraud_protection_serviceMatch12.1.2-
OR
f5big-ip_fraud_protection_serviceMatch12.1.2hotfix1
OR
f5big-ip_fraud_protection_serviceMatch13.0.0-
OR
f5big-ip_fraud_protection_serviceMatch13.0.0hotfix1
OR
f5big-ip_fraud_protection_serviceMatch13.0.0hotfix2
OR
f5big-ip_global_traffic_managerRange11.6.111.6.2
OR
f5big-ip_global_traffic_managerRange12.1.012.1.2
OR
f5big-ip_global_traffic_managerMatch11.6.2-
OR
f5big-ip_global_traffic_managerMatch12.1.2-
OR
f5big-ip_global_traffic_managerMatch12.1.2hotfix1
OR
f5big-ip_global_traffic_managerMatch13.0.0-
OR
f5big-ip_global_traffic_managerMatch13.0.0hotfix1
OR
f5big-ip_global_traffic_managerMatch13.0.0hotfix2
OR
f5big-ip_link_controllerRange11.6.111.6.2
OR
f5big-ip_link_controllerRange12.1.012.1.2
OR
f5big-ip_link_controllerMatch11.6.2-
OR
f5big-ip_link_controllerMatch12.1.2-
OR
f5big-ip_link_controllerMatch12.1.2hotfix1
OR
f5big-ip_link_controllerMatch13.0.0-
OR
f5big-ip_link_controllerMatch13.0.0hotfix1
OR
f5big-ip_link_controllerMatch13.0.0hotfix2
OR
f5big-ip_local_traffic_managerRange11.6.111.6.2
OR
f5big-ip_local_traffic_managerRange12.1.012.1.2
OR
f5big-ip_local_traffic_managerMatch11.6.2-
OR
f5big-ip_local_traffic_managerMatch12.1.2-
OR
f5big-ip_local_traffic_managerMatch12.1.2hotfix1
OR
f5big-ip_local_traffic_managerMatch13.0.0-
OR
f5big-ip_local_traffic_managerMatch13.0.0hotfix1
OR
f5big-ip_local_traffic_managerMatch13.0.0hotfix2
OR
f5big-ip_policy_enforcement_managerRange11.6.111.6.2
OR
f5big-ip_policy_enforcement_managerRange12.1.012.1.2
OR
f5big-ip_policy_enforcement_managerMatch11.6.2-
OR
f5big-ip_policy_enforcement_managerMatch12.1.2-
OR
f5big-ip_policy_enforcement_managerMatch12.1.2hotfix1
OR
f5big-ip_policy_enforcement_managerMatch13.0.0-
OR
f5big-ip_policy_enforcement_managerMatch13.0.0hotfix1
OR
f5big-ip_policy_enforcement_managerMatch13.0.0hotfix2
OR
f5ssl_orchestratorRange11.6.111.6.2
OR
f5ssl_orchestratorRange12.1.012.1.2
OR
f5ssl_orchestratorMatch11.6.2-
OR
f5ssl_orchestratorMatch12.1.2-
OR
f5ssl_orchestratorMatch12.1.2hotfix1
OR
f5ssl_orchestratorMatch13.0.0-
OR
f5ssl_orchestratorMatch13.0.0hotfix1
OR
f5ssl_orchestratorMatch13.0.0hotfix2
VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_access_policy_manager11.6.2cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.2:-:*:*:*:*:*:*
f5big-ip_access_policy_manager12.1.2cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:-:*:*:*:*:*:*
f5big-ip_access_policy_manager12.1.2cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:hotfix1:*:*:*:*:*:*
f5big-ip_access_policy_manager13.0.0cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:-:*:*:*:*:*:*
f5big-ip_access_policy_manager13.0.0cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:hotfix1:*:*:*:*:*:*
f5big-ip_access_policy_manager13.0.0cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:hotfix2:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager11.6.2cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.2:-:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager12.1.2cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:-:*:*:*:*:*:*
Rows per page:
1-10 of 981

Related

cvelist 1
cve 1
f5 1
prion 1
attackerkb 1
nessus 1
thn 1
cvelist
cvelist
CVE-2020-5929
2020-09-25 13:22:47
cve
cve
CVE-2020-5929
2020-09-25 14:15:13
f5
f5
K91158923 : BIG-IP SSL/TLS ADH/DHE vulnerability CVE-2020-5929
2020-09-09 00:00:00
prion
prion
Design/Logic Flaw
2020-09-25 14:15:00
attackerkb
attackerkb
CVE-2020-5929
2020-09-25 00:00:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP SSL/TLS ADH/DHE vulnerability (K91158923)
2020-09-10 00:00:00
thn
thn
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
2020-09-10 11:09:00

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.8%

JSON
Related for NVD:CVE-2020-5929
cvelist1cve1f51prion1attackerkb1nessus1thn1