Vulnerabilities > CVE-2020-5875 - Unspecified vulnerability in F5 products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
f5
nessus

Summary

On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.

Vulnerable Configurations

Part Description Count
Application
F5
455

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL65372933.NASL
descriptionUnder certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy. (CVE-2020-5875) Impact If you have enabled HTTP/2, Message Routing Framework (MRF), and SSL, a certain request sequence can trigger a condition that may cause TMM to generate a core file and restart. An attacker may be able to cause a BIG-IP system to produce a core file, disrupting the flow of traffic and causing a failover to a standby system.
last seen2020-05-12
modified2020-04-30
plugin id136143
published2020-04-30
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/136143
titleF5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K65372933)