Vulnerability Details : CVE-2020-5851
On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG
Products affected by CVE-2020-5851
- cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0.2.0.62.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.2.0.45.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0.2.0.62.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5851
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5851
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST | |
4.6
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
0.9
|
3.6
|
NIST |
References for CVE-2020-5851
-
https://support.f5.com/csp/article/K91171450
Article: K91171450 - BIG-IP engineering hotfix Trusted Platform Module vulnerability CVE-2020-5851Vendor Advisory
Jump to