Severity Rating: HIGH
Software Affected
• BIG-IP: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP LTM: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP AAM: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP AFM: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP Analytics: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP APM: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP ASM: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP DNS: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP FPS: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP GTM: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP Link Controller: 11.x, 12.x, 13.x, 14.x and 15.x
• BIG-IP PEM: 11.x, 12.x, 13.x, 14.x and 15.x
Overview
Multiple vulnerabilities have been reported in F5 BIG-IP products which
could be exploited by an attacker to execute arbitrary code, obtain
sensitive information and cause a Denial of Service (DoS) condition on the
targeted system.
Description
1. Privilege Escalation Vulnerability (CVE-2020-5896)
This vulnerability exists due to weak permissions on the BIG-IP Edge Client
Windows Installer Services temporary folder. Using this vulnerability, a
local attacker may execute "signed .exe" and MSI files.
Successful exploitation of this vulnerability could allow a local user to
escalate privileges on the targeted system.
2. Use-After-Free Error Vulnerability (CVE-2020-5897)
This vulnerability exists due to a use-after-free error in the BIG-IP Edge
Client Windows ActiveX component. A remote attacker could exploit this
vulnerability by enticing a BIG-IP Edge Client user to open a specially
crafted malicious webpage in the Internet Explorer browser, thereby
compromising the affected system.
Successful exploitation of this vulnerability could allow the remote
attacker to execute arbitrary code on the target system.
3. Denial of Service Vulnerability (CVE-2020-5898)
This vulnerability exists due to improper sanitization of the pointer
received from userland by the BIG-IP Edge Client Windows Stonewall driver.
An attacker could exploit this vulnerability by sending specially crafted
DeviceIoControl requests to the "\\.\urvpndrv" device to crash the Windows
kernel.
Successful exploitation of this vulnerability could allow the local
attacker to cause a Denial of Service (DoS) condition on the targeted
system.
Solution
Apply appropriate fixes as issued by the vendor at the following link:
Vendor Information
F5 Networks
References
F5 Networks
CVE Name
CVE-2020-5896
CVE-2020-5897
CVE-2020-5898