What is the severity of CVE-2020-27724?

CVE-2020-27724 is rated as a high severity vulnerability due to the potential for authenticated VPN users to consume excessive system resources.

How do I fix CVE-2020-27724?

To fix CVE-2020-27724, upgrade your F5 BIG-IP Access Policy Manager to the versions that address the vulnerability, specifically versions after those listed in the affected software section.

What are the affected versions for CVE-2020-27724?

CVE-2020-27724 affects F5 BIG-IP APM versions ranging from 11.6.1 to 16.0.0, specifically noted versions up to 16.0.0.1.

Who is impacted by CVE-2020-27724?

CVE-2020-27724 primarily impacts organizations using F5 BIG-IP APM with multiple TMM instances, allowing authenticated users to exploit the vulnerability.

What type of attack is CVE-2020-27724 associated with?

CVE-2020-27724 is associated with a resource consumption attack, where specially-crafted malicious traffic can lead to denial of service conditions.

Vulnerability/
CVE-2020-27724

medium

6.5

CWE

400

24/12/2020

4/8/2024

CVE-2020-27724

First published: Thu Dec 24 2020(Updated: )

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 Access Policy Manager	>=11.6.1<=11.6.5
F5 Access Policy Manager	>=12.1.0<=12.1.5
F5 Access Policy Manager	>=13.1.0<13.1.3.5
F5 Access Policy Manager	>=14.1.0<14.1.3.1
F5 Access Policy Manager	>=15.0.0<15.0.1.4
F5 Access Policy Manager	>=15.1.0<15.1.0.5
F5 Access Policy Manager	>=16.0.0<16.0.1

Never miss a vulnerability like this again

Reference Links

https://support.f5.com/csp/article/K04518313

Frequently Asked Questions

What is the severity of CVE-2020-27724?
CVE-2020-27724 is rated as a high severity vulnerability due to the potential for authenticated VPN users to consume excessive system resources.
How do I fix CVE-2020-27724?
To fix CVE-2020-27724, upgrade your F5 BIG-IP Access Policy Manager to the versions that address the vulnerability, specifically versions after those listed in the affected software section.
What are the affected versions for CVE-2020-27724?
CVE-2020-27724 affects F5 BIG-IP APM versions ranging from 11.6.1 to 16.0.0, specifically noted versions up to 16.0.0.1.
Who is impacted by CVE-2020-27724?
CVE-2020-27724 primarily impacts organizations using F5 BIG-IP APM with multiple TMM instances, allowing authenticated users to exploit the vulnerability.
What type of attack is CVE-2020-27724 associated with?
CVE-2020-27724 is associated with a resource consumption attack, where specially-crafted malicious traffic can lead to denial of service conditions.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 access policy manager
version/f5 access policy manager/11.6.1
version/f5 access policy manager/11.6.5
version/f5 access policy manager/12.1.0
version/f5 access policy manager/12.1.5
version/f5 access policy manager/13.1.0
version/f5 access policy manager/14.1.0
version/f5 access policy manager/15.0.0
version/f5 access policy manager/15.1.0
version/f5 access policy manager/16.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.