Vulnerabilities > CVE-2020-5875 - Unspecified vulnerability in F5 products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.
Vulnerable Configurations
Nessus
NASL family | F5 Networks Local Security Checks |
NASL id | F5_BIGIP_SOL65372933.NASL |
description | Under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy. (CVE-2020-5875) Impact If you have enabled HTTP/2, Message Routing Framework (MRF), and SSL, a certain request sequence can trigger a condition that may cause TMM to generate a core file and restart. An attacker may be able to cause a BIG-IP system to produce a core file, disrupting the flow of traffic and causing a failover to a standby system. |
last seen | 2020-05-12 |
modified | 2020-04-30 |
plugin id | 136143 |
published | 2020-04-30 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/136143 |
title | F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K65372933) |