CVE-2020-5861: Buffer Overflow
First published: Fri Mar 27 2020(Updated: )
On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Access Policy Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Analytics | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Application Acceleration Manager | >=12.1.0<=12.1.5 | |
| F5 Application Security Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Fraud Protection Service | >=12.1.0<=12.1.5 | |
| Riverbed SteelApp Traffic Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Link Controller | >=12.1.0<=12.1.5 | |
| Riverbed SteelApp Traffic Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Policy Enforcement Manager | >=12.1.0<=12.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5861?
CVE-2020-5861 is considered a medium severity vulnerability that affects specific versions of F5 BIG-IP products.
How do I fix CVE-2020-5861?
To mitigate CVE-2020-5861, it is recommended to upgrade to the patched version of the affected F5 BIG-IP software.
Which products are affected by CVE-2020-5861?
CVE-2020-5861 affects F5 BIG-IP Access Policy Manager, Advanced Firewall Manager, Analytics, Application Acceleration Manager, Application Security Manager, Domain Name System, Fraud Protection Service, Global Traffic Manager, Link Controller, Local Traffic Manager, and Policy Enforcement Manager versions 12.1.0 to 12.1.5.
What is the risk of not addressing CVE-2020-5861?
Failing to address CVE-2020-5861 may lead to potential memory errors and instability of the TMM process resulting in service interruptions.
Is a configuration change required to resolve CVE-2020-5861?
No configuration changes are necessary to resolve CVE-2020-5861; upgrading to the fixed version is sufficient.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 access policy manager
- version/f5 access policy manager/12.1.0
- version/f5 access policy manager/12.1.5
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/12.1.0
- version/f5 big-ip advanced firewall manager/12.1.5
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/12.1.0
- version/f5 big-ip analytics/12.1.5
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/12.1.0
- version/f5 big-ip application acceleration manager/12.1.5
- canonical/f5 application security manager
- version/f5 application security manager/12.1.0
- version/f5 application security manager/12.1.5
- canonical/f5 big-ip
- version/f5 big-ip/12.1.0
- version/f5 big-ip/12.1.5
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/12.1.0
- version/f5 big-ip fraud protection service/12.1.5
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/12.1.0
- version/riverbed steelapp traffic manager/12.1.5
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/12.1.0
- version/f5 big-ip link controller/12.1.5
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/12.1.0
- version/f5 big-ip policy enforcement manager/12.1.5