Vulnerabilities > CVE-2020-5946 - Unspecified vulnerability in F5 Big-Ip Fraud Protection Service

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2020-11-05

Updated: 2020-11-16

Summary

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Fraud Protection Service 14.1.0 F5 BIG IP Fraud Protection Service 14.1.0.1 F5 BIG IP Fraud Protection Service 14.1.0.2 F5 BIG IP Fraud Protection Service 14.1.0.2.0.45.4 F5 BIG IP Fraud Protection Service 14.1.0.2.0.62.4 F5 BIG IP Fraud Protection Service 14.1.0.3 F5 BIG IP Fraud Protection Service 14.1.0.3.0.79.6 F5 BIG IP Fraud Protection Service 14.1.0.3.0.97.6 F5 BIG IP Fraud Protection Service 14.1.0.3.0.99.6 F5 BIG IP Fraud Protection Service 14.1.0.5.0.15.5 F5 BIG IP Fraud Protection Service 14.1.0.5.0.36.5 F5 BIG IP Fraud Protection Service 14.1.0.5.0.40.5 F5 BIG IP Fraud Protection Service 14.1.0.6 F5 BIG IP Fraud Protection Service 14.1.0.6.0.11.9 F5 BIG IP Fraud Protection Service 14.1.0.6.0.14.9 F5 BIG IP Fraud Protection Service 14.1.0.6.0.68.9 F5 BIG IP Fraud Protection Service 14.1.0.6.0.70.9 F5 BIG IP Fraud Protection Service 14.1.2 F5 BIG IP Fraud Protection Service 14.1.2-0.0.37 F5 BIG IP Fraud Protection Service 14.1.2-0.89.37 F5 BIG IP Fraud Protection Service 14.1.2.0.11.37 F5 BIG IP Fraud Protection Service 14.1.2.0.18.37 F5 BIG IP Fraud Protection Service 14.1.2.0.32.37 F5 BIG IP Fraud Protection Service 14.1.2.1 F5 BIG IP Fraud Protection Service 14.1.2.1-0.0.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.14.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.16.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.34.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.46.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.83.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.97.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.99.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.105.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.111.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.115.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.122.4 F5 BIG IP Fraud Protection Service 14.1.2.2 F5 BIG IP Fraud Protection Service 14.1.2.2-0.0.4 F5 BIG IP Fraud Protection Service 14.1.2.3 F5 BIG IP Fraud Protection Service 14.1.2.3-0.0.5 F5 BIG IP Fraud Protection Service 14.1.2.4 F5 BIG IP Fraud Protection Service 14.1.2.5 F5 BIG IP Fraud Protection Service 14.1.2.5-0.0.3 F5 BIG IP Fraud Protection Service 14.1.2.6 F5 BIG IP Fraud Protection Service 14.1.2.6-0.0.2 F5 BIG IP Fraud Protection Service 14.1.2.7 F5 BIG IP Fraud Protection Service 14.1.2.7-0.0.5 F5 BIG IP Fraud Protection Service 15.1.0 F5 BIG IP Fraud Protection Service 15.1.0.1 F5 BIG IP Fraud Protection Service 15.1.0.2 F5 BIG IP Fraud Protection Service 15.1.0.3 F5 BIG IP Fraud Protection Service 15.1.0.4 F5 BIG IP Fraud Protection Service 15.1.0.5 F5 BIG IP Fraud Protection Service 16.0.0 F5 BIG IP Advanced WEB Application Firewall 16.0.0 F5 BIG IP Advanced WEB Application Firewall 16.0.1 F5 BIG IP Advanced WEB Application Firewall 14.1.0 F5 BIG IP Advanced WEB Application Firewall 14.1.0.1 F5 BIG IP Advanced WEB Application Firewall 14.1.0.3 F5 BIG IP Advanced WEB Application Firewall 14.1.2 F5 BIG IP Advanced WEB Application Firewall 14.1.2-0.0.37 F5 BIG IP Advanced WEB Application Firewall 14.1.2-0.89.37 F5 BIG IP Advanced WEB Application Firewall 14.1.2.1 F5 BIG IP Advanced WEB Application Firewall 14.1.2.1-0.0.4 F5 BIG IP Advanced WEB Application Firewall 14.1.2.2 F5 BIG IP Advanced WEB Application Firewall 14.1.2.2-0.0.4 F5 BIG IP Advanced WEB Application Firewall 14.1.2.3 F5 BIG IP Advanced WEB Application Firewall 14.1.2.3-0.0.5 F5 BIG IP Advanced WEB Application Firewall 14.1.2.5 F5 BIG IP Advanced WEB Application Firewall 14.1.2.5-0.0.3 F5 BIG IP Advanced WEB Application Firewall 14.1.2.6 F5 BIG IP Advanced WEB Application Firewall 14.1.2.6-0.0.2 F5 BIG IP Advanced WEB Application Firewall 14.1.2.7 F5 BIG IP Advanced WEB Application Firewall 14.1.2.7-0.0.5 F5 BIG IP Advanced WEB Application Firewall 15.1.0 F5 BIG IP Advanced WEB Application Firewall 15.1.0.2 F5 BIG IP Advanced WEB Application Firewall 15.1.0.4 F5 BIG IP Advanced WEB Application Firewall 15.1.0.5	78

References

https://support.f5.com/csp/article/K53821711