Severity Rating: HIGH
Software Affected
•BIG-IP: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP LTM: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP AAM: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP AFM: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP Analytics: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP APM: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP ASM: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP DNS: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP FPS: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP GTM: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP Link Controller: 11.x, 12.x, 13.x, 14.x and 15.x
•BIG-IP PEM: 11.x, 12.x, 13.x, 14.x and 15.x
Overview
Multiple vulnerabilities have been reported in F5 BIG-IP Products which
could be exploited by an attacker to execute arbitrary code, obtain
sensitive information and cause a Denial of Service (DOS) condition on the
targeted system.
Description
1. Privileges Escalation Vulnerability ( CVE-2020-5896 )
This vulnerability exists due to weak permission of the BIG-IP Edge Client
Windows Installer Services temporary folder. Using this vulnerability, a
local attacker may execute "signed .exe" and MSI files.
Successful exploitation of this vulnerability could allow a local user to
escalate privileges on the targeted system.
2. Use-after-free error vulnerability ( CVE-2020-5897 )
This vulnerability exists due to a use-after-free error in the BIG-IP Edge
Client Windows ActiveX component. A remote attacker could exploit this
vulnerability by enticing a user to open a specially crafted malicious
webpage, load it into the Internet Explorer browser by BIG-IP Edge Client
users to compromise the affected system.
Successful exploitation of this vulnerability could the remote attacker to
execute arbitrary code on the target system.
3. Denial of Service Vulnerability ( CVE-2020-5898 )
This vulnerability exists due to improper sanitization of the pointer
received from the user land by BIG-IP Edge Client Windows Stonewall driver.
An attacker could exploit this vulnerability by sending a specially crafted
DeviceIoControl requests to a ¿\\.\urvpndrv¿ device and crash the Windows
kernel.
Successful exploitation of this vulnerability could allow the local
attacker to cause a Denial of Service (DoS) condition on the targeted
system.
Solution
Apply appropriate fixes as issued by vendor in the following link:
Vendor Information
F5 Networks
References
F5 Networks
CVE Name
CVE-2020-5896
CVE-2020-5897
CVE-2020-5898
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.
![Fwd: [CIVN-2020-0194] Multiple Vulnerabilities in VMware vRealize Operations Application Remote Collector (ARC)](http://3.bp.blogspot.com/-ZRo8fwgs65M/UZC2jMJpcLI/AAAAAAAAC5Y/EfoFQsr1wzU/s1600/BS+No+Image.gif )