F5 Networks BIG-IP : BIG-IP Client SSL Security Advisory (K44020030)

high Nessus Plugin ID 142041

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic with client authentication enabled on the client SSL profile.

Impact

TMM memory may eventually become exhausted, which may result in the system producing a core file. The BIG-IP system may temporarily fail to process traffic as it recovers from TMM restarting. If the system is configured as part of a high-availability pair, the device may fail over.

The BIG-IP 4000s and 4200v platforms (C113) may encounter the issue more rapidly than other BIG-IP platforms.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K44020030.

See Also

https://my.f5.com/manage/s/article/K44020030

Plugin Details

Severity: High

ID: 142041

File Name: f5_bigip_SOL44020030.nasl

Version: 1.4

Type: local

Published: 10/29/2020

Updated: 11/2/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-5936

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_local_traffic_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/28/2020

Vulnerability Publication Date: 10/28/2020

Reference Information

CVE: CVE-2020-5936