Vulnerabilities > CVE-2020-5946 - Unspecified vulnerability in F5 products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2020-11-05

Updated: 2020-11-16

Summary

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Advanced WEB Application Firewall 14.1.0 F5 BIG IP Advanced WEB Application Firewall 14.1.0.3 F5 BIG IP Advanced WEB Application Firewall 14.1.2 F5 BIG IP Advanced WEB Application Firewall 14.1.2-0.0.37 F5 BIG IP Advanced WEB Application Firewall 14.1.2-0.89.37 F5 BIG IP Advanced WEB Application Firewall 14.1.2.1 F5 BIG IP Advanced WEB Application Firewall 14.1.2.1-0.0.4 F5 BIG IP Advanced WEB Application Firewall 14.1.2.2 F5 BIG IP Advanced WEB Application Firewall 14.1.2.2-0.0.4 F5 BIG IP Advanced WEB Application Firewall 14.1.2.3 F5 BIG IP Advanced WEB Application Firewall 14.1.2.3-0.0.5 F5 BIG IP Advanced WEB Application Firewall 14.1.2.5 F5 BIG IP Advanced WEB Application Firewall 14.1.2.5-0.0.3 F5 BIG IP Advanced WEB Application Firewall 14.1.2.6 F5 BIG IP Advanced WEB Application Firewall 14.1.2.6-0.0.2 F5 BIG IP Advanced WEB Application Firewall 14.1.2.7 F5 BIG IP Advanced WEB Application Firewall 14.1.2.7-0.0.5 F5 BIG IP Advanced WEB Application Firewall 15.1.0.2 F5 BIG IP Advanced WEB Application Firewall 15.1.0.4 F5 BIG IP Advanced WEB Application Firewall 15.1.0.5 F5 BIG IP Advanced WEB Application Firewall * F5 BIG IP Fraud Protection Service 14.1.0 F5 BIG IP Fraud Protection Service 14.1.0.1 F5 BIG IP Fraud Protection Service 14.1.0.2 F5 BIG IP Fraud Protection Service 14.1.0.3 F5 BIG IP Fraud Protection Service 14.1.0.3.0.79.6 F5 BIG IP Fraud Protection Service 14.1.0.3.0.97.6 F5 BIG IP Fraud Protection Service 14.1.0.3.0.99.6 F5 BIG IP Fraud Protection Service 14.1.0.5.0.15.5 F5 BIG IP Fraud Protection Service 14.1.0.5.0.36.5 F5 BIG IP Fraud Protection Service 14.1.0.5.0.40.5 F5 BIG IP Fraud Protection Service 14.1.0.6 F5 BIG IP Fraud Protection Service 14.1.0.6.0.11.9 F5 BIG IP Fraud Protection Service 14.1.0.6.0.14.9 F5 BIG IP Fraud Protection Service 14.1.0.6.0.68.9 F5 BIG IP Fraud Protection Service 14.1.0.6.0.70.9 F5 BIG IP Fraud Protection Service 14.1.2 F5 BIG IP Fraud Protection Service 14.1.2-0.0.37 F5 BIG IP Fraud Protection Service 14.1.2-0.89.37 F5 BIG IP Fraud Protection Service 14.1.2.0.11.37 F5 BIG IP Fraud Protection Service 14.1.2.0.18.37 F5 BIG IP Fraud Protection Service 14.1.2.0.32.37 F5 BIG IP Fraud Protection Service 14.1.2.1 F5 BIG IP Fraud Protection Service 14.1.2.1-0.0.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.14.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.16.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.34.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.46.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.97.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.99.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.105.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.111.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.115.4 F5 BIG IP Fraud Protection Service 14.1.2.1.0.122.4 F5 BIG IP Fraud Protection Service 14.1.2.2 F5 BIG IP Fraud Protection Service 14.1.2.2-0.0.4 F5 BIG IP Fraud Protection Service 14.1.2.3 F5 BIG IP Fraud Protection Service 14.1.2.3-0.0.5 F5 BIG IP Fraud Protection Service 14.1.2.4 F5 BIG IP Fraud Protection Service 14.1.2.5 F5 BIG IP Fraud Protection Service 14.1.2.5-0.0.3 F5 BIG IP Fraud Protection Service 14.1.2.6 F5 BIG IP Fraud Protection Service 14.1.2.6-0.0.2 F5 BIG IP Fraud Protection Service 14.1.2.7 F5 BIG IP Fraud Protection Service 14.1.2.7-0.0.5 F5 BIG IP Fraud Protection Service 15.1.0 F5 BIG IP Fraud Protection Service 15.1.0.1 F5 BIG IP Fraud Protection Service 15.1.0.2 F5 BIG IP Fraud Protection Service 15.1.0.3 F5 BIG IP Fraud Protection Service 15.1.0.4 F5 BIG IP Fraud Protection Service 15.1.0.5 F5 BIG IP Fraud Protection Service *	72

References

https://support.f5.com/csp/article/K53821711