F5 Networks BIG-IP : BIG-IP LTM vulnerability (K20984059)

high Nessus Plugin ID 144103

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break. (CVE-2020-5949)

Impact

FTP traffic is disrupted. FTP clients are unable to connect to the FTP server and commands issued to the FTP server stall or fail.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K20984059.

See Also

https://my.f5.com/manage/s/article/K20984059

Plugin Details

Severity: High

ID: 144103

File Name: f5_bigip_SOL20984059.nasl

Version: 1.6

Type: local

Published: 12/11/2020

Updated: 11/3/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-5949

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2020

Vulnerability Publication Date: 12/11/2020

Reference Information

CVE: CVE-2020-5949

IAVA: 2020-A-0579-S