{ "id": "CVE-2020-27715", "sourceIdentifier": "f5sirt@f5.com", "published": "2020-12-24T16:15:14.867", "lastModified": "2020-12-28T17:22:01.810", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon." }, { "lang": "es", "value": "En BIG-IP 15.1.0-15.1.0.5 y 14.1.0-14.1.3, una petici\u00f3n TLS dise\u00f1ada a la interfaz de administraci\u00f3n de BIG-IP por medio del puerto 443 puede causar una alta utilizaci\u00f3n de CPU (~100%) por el demonio httpd" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "D27EBC7C-4EE1-4574-9AFD-2868611D80B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "2AE7C1F6-4D07-4D9A-835C-18CC8D71D61A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "86D94B31-6496-42B0-BA04-370C283C4641" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "B4E7E813-5C68-4E17-82AC-B74056FCF24A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "2F630B15-9652-477D-ACDE-BB846FAA2D92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "4E9844F8-67D6-4EDA-A850-CE34C2D4E90F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "6FB29F87-8F6B-452A-9A9B-B7680C37CE43" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "367CAAB5-6DCD-4C2D-9075-C050FF3262AC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "A0B1C52A-361A-46BD-9531-96C69F011EBC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "A479BF72-A211-4E61-BB37-309E7DB46E31" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "95CD946B-331A-44F5-8F64-26411E909F13" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "77AB154F-ADC2-4AD4-B246-346862D7013D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "91346E36-BACA-4562-9903-9E4B7EA74834" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "083E3750-8499-4325-B480-040DD0836F07" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "AD6C7A28-1569-44B0-BE80-7472F5ED5059" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "28F451E4-B5EA-48BF-B803-595D1F11F6CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "1C78B434-86B3-49AE-B93D-3A8F743DE00F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "3E85FCC0-DC5A-4201-A2ED-13DDA5169CA3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "B6D8C63D-D669-414C-8AF1-2F3A993D6B75" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "66DD6E1E-8F8E-4228-A3CE-6A542EF81D1B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.3.1", "matchCriteriaId": "72914086-C966-46CF-AE19-6F70EA05FEF1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.1.1", "matchCriteriaId": "AC6881E9-5B73-4615-B98D-EDD3223FF8F2" } ] } ] } ], "references": [ { "url": "https://support.f5.com/csp/article/K25691186", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] } ] }