CVE-2020-5941 : On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup

On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command.

Published 2020-11-05 20:15:18

Updated 2020-11-16 16:54:09

Source F5 Networks

View at NVD, CVE.org

Products affected by CVE-2020-5941

F5 » Big-ip Local Traffic Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 16.0.0 and before (<) 16.0.1
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 15.1.0 and before (<) 15.1.1
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-5941

EPSS FAQ

0.65%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 69 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5941

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2020-5941

https://support.f5.com/csp/article/K03125360

Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-5941

Products affected by CVE-2020-5941

Exploit prediction scoring system (EPSS) score for CVE-2020-5941

CVSS scores for CVE-2020-5941

References for CVE-2020-5941