mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
401 lines
16 KiB
JSON
401 lines
16 KiB
JSON
{
|
|
"id": "CVE-2020-5938",
|
|
"sourceIdentifier": "f5sirt@f5.com",
|
|
"published": "2020-10-29T14:15:12.743",
|
|
"lastModified": "2024-11-21T05:34:51.907",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En BIG-IP versiones 13.1.0-13.1.3.4, 12.1.0-12.1.5.2 y 11.6.1-11.6.5.2, cuando se negocian t\u00faneles IPSec con peers autenticados configurados, el peer puede negociar una longitud de clave diferente a la que permitir\u00eda la configuraci\u00f3n BIG-IP"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
|
|
"baseScore": 4.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-326"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "1F82C168-C3F0-4E5A-9465-4C9BE57FE888"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "3C0D3868-7BA0-482C-ADE9-4B4087C07B69"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "CF3BAF12-9795-4C5A-81A5-EFCEB46630C3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "26EA444C-FA23-40A7-98C7-404DC8E5611F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "08D80A54-B719-4AD4-8861-1D98D26B9736"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "18AA373F-C5FE-42A4-AF3C-26F51F124A34"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "D6AF221D-F7EC-40C9-BC9C-4F7C054C1600"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "33BC59FD-6410-4F4D-B6A7-5DA3249A87EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "1E9213C5-1D33-4718-AEEF-F3D174809054"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "8088D322-514B-49C3-9041-7FCD6902A0E6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "B11E0D81-E40D-43EB-8315-F11FD78A2485"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "87EDF992-832C-4A4D-8766-F3D7135E74CF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "74330249-E08A-4DAB-AB9F-13BE634D74DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "3F258902-6395-40F3-9D53-F2582ED17EEF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "C86000FB-C74C-48E2-A4DE-8326805D5A1E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "C9A86305-2292-40FB-A984-9B15F7A079F0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "8FE5AD25-A186-4813-9114-6795629E906E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "33F9B68F-5888-4099-BBC6-DD88343AC508"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "AAC89B6B-885D-4E3B-B477-497B70301255"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "EB9F95F4-B631-4607-A459-7166E8A3F88B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "CFAF23BC-987A-40FB-ABB5-2EB7E473314B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "5415B126-600B-4200-AA87-AFB434BFAE9F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "06DB5080-4612-45CB-9B8D-3BD97A7EC6AF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "85FAFA26-3B92-4CAE-8DD6-0A26B49794A8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "46F2C7CC-928E-418F-9033-AF84835EF588"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "F9DD232C-0ECA-4E8C-8419-50C6D0C6D3E1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "A6B0B7F5-5F35-4D0B-84D9-F0C198632E41"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "B7A79CD5-DF43-4D88-928B-0145CAD4069D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "1E204494-3006-43E1-A468-9B4633295D55"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "8E6EB084-C77A-4375-BB96-F961E7DBCAA2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "714EE4A8-ACA0-40A5-B183-34D08591A82B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "92BFAFD4-B4A2-4F64-B928-714170074AEA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "37FEF755-ED1A-4F9C-B19F-3D136A07E1DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "ACC3FDE8-EFD4-4D92-89BD-40A0F6304965"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "C90CCF95-1AA4-4FD5-AFC0-60A5BF1BF582"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "A88C898D-79BE-430A-994F-61BE8E4D1E2F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "583BE9A4-928A-4347-994B-2E7F2B2AAD30"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "C2323F3C-3572-4B02-8C7B-E1A3FCD259D2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "41E9F7D6-21EC-4893-A93C-E0E4661DC2FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.6.1",
|
|
"versionEndIncluding": "11.6.5.2",
|
|
"matchCriteriaId": "C0371A93-D67F-4CE9-82D7-42CF4B2CBCB6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.1.0",
|
|
"versionEndIncluding": "12.1.5.2",
|
|
"matchCriteriaId": "E32D6142-3CCE-4F23-B606-9954E3B56D32"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "13.1.0",
|
|
"versionEndIncluding": "13.1.3.4",
|
|
"matchCriteriaId": "CA48ECD9-B3BF-4A69-9521-1A664C70A974"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://support.f5.com/csp/article/K76610106",
|
|
"source": "f5sirt@f5.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://support.f5.com/csp/article/K76610106",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |