medium
5.9
CWE
203
Advisory Published
Updated

CVE-2020-5929

First published: Fri Sep 25 2020(Updated: )

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.

Credit: f5sirt@f5.com

Affected SoftwareAffected VersionHow to fix
F5 BIG-IP Access Policy Manager>=11.6.1<11.6.2
F5 BIG-IP Access Policy Manager>=12.1.0<12.1.2
F5 BIG-IP Access Policy Manager=11.6.2
F5 BIG-IP Access Policy Manager=12.1.2
F5 BIG-IP Access Policy Manager=12.1.2-hotfix1
F5 BIG-IP Access Policy Manager=13.0.0
F5 BIG-IP Access Policy Manager=13.0.0-hotfix1
F5 BIG-IP Access Policy Manager=13.0.0-hotfix2
F5 BIG-IP Advanced Firewall Manager>=11.6.1<11.6.2
F5 BIG-IP Advanced Firewall Manager>=12.1.0<12.1.2
F5 BIG-IP Advanced Firewall Manager=11.6.2
F5 BIG-IP Advanced Firewall Manager=12.1.2
F5 BIG-IP Advanced Firewall Manager=12.1.2-hotfix1
F5 BIG-IP Advanced Firewall Manager=13.0.0
F5 BIG-IP Advanced Firewall Manager=13.0.0-hotfix1
F5 BIG-IP Advanced Firewall Manager=13.0.0-hotfix2
F5 Big-ip Advanced Web Application Firewall>=11.6.1<11.6.2
F5 Big-ip Advanced Web Application Firewall>=12.1.0<12.1.2
F5 Big-ip Advanced Web Application Firewall=11.6.2
F5 Big-ip Advanced Web Application Firewall=12.1.2
F5 Big-ip Advanced Web Application Firewall=12.1.2-hotfix1
F5 Big-ip Advanced Web Application Firewall=13.0.0
F5 Big-ip Advanced Web Application Firewall=13.0.0-hotfix1
F5 Big-ip Advanced Web Application Firewall=13.0.0-hotfix2
F5 BIG-IP Analytics>=11.6.1<11.6.2
F5 BIG-IP Analytics>=12.1.0<12.1.2
F5 BIG-IP Analytics=11.6.2
F5 BIG-IP Analytics=12.1.2
F5 BIG-IP Analytics=12.1.2-hotfix1
F5 BIG-IP Analytics=13.0.0
F5 BIG-IP Analytics=13.0.0-hotfix1
F5 BIG-IP Analytics=13.0.0-hotfix2
F5 Big-ip Application Acceleration Manager>=11.6.1<11.6.2
F5 Big-ip Application Acceleration Manager>=12.1.0<12.1.2
F5 Big-ip Application Acceleration Manager=11.6.2
F5 Big-ip Application Acceleration Manager=12.1.2
F5 Big-ip Application Acceleration Manager=12.1.2-hotfix1
F5 Big-ip Application Acceleration Manager=13.0.0
F5 Big-ip Application Acceleration Manager=13.0.0-hotfix1
F5 Big-ip Application Acceleration Manager=13.0.0-hotfix2
F5 BIG-IP Application Security Manager>=11.6.1<11.6.2
F5 BIG-IP Application Security Manager>=12.1.0<12.1.2
F5 BIG-IP Application Security Manager=11.6.2
F5 BIG-IP Application Security Manager=12.1.2
F5 BIG-IP Application Security Manager=12.1.2-hotfix1
F5 BIG-IP Application Security Manager=13.0.0
F5 BIG-IP Application Security Manager=13.0.0-hotfix1
F5 BIG-IP Application Security Manager=13.0.0-hotfix2
F5 Big-ip Ddos Hybrid Defender>=11.6.1<11.6.2
F5 Big-ip Ddos Hybrid Defender>=12.1.0<12.1.2
F5 Big-ip Ddos Hybrid Defender=11.6.2
F5 Big-ip Ddos Hybrid Defender=12.1.2
F5 Big-ip Ddos Hybrid Defender=12.1.2-hotfix1
F5 Big-ip Ddos Hybrid Defender=13.0.0
F5 Big-ip Ddos Hybrid Defender=13.0.0-hotfix1
F5 Big-ip Ddos Hybrid Defender=13.0.0-hotfix2
F5 Big-ip Domain Name System>=11.6.1<11.6.2
F5 Big-ip Domain Name System>=12.1.0<12.1.2
F5 Big-ip Domain Name System=11.6.2
F5 Big-ip Domain Name System=12.1.2
F5 Big-ip Domain Name System=12.1.2-hotfix1
F5 Big-ip Domain Name System=13.0.0
F5 Big-ip Domain Name System=13.0.0-hotfix1
F5 Big-ip Domain Name System=13.0.0-hotfix2
F5 Big-ip Fraud Protection Service>=11.6.1<11.6.2
F5 Big-ip Fraud Protection Service>=12.1.0<12.1.2
F5 Big-ip Fraud Protection Service=11.6.2
F5 Big-ip Fraud Protection Service=12.1.2
F5 Big-ip Fraud Protection Service=12.1.2-hotfix1
F5 Big-ip Fraud Protection Service=13.0.0
F5 Big-ip Fraud Protection Service=13.0.0-hotfix1
F5 Big-ip Fraud Protection Service=13.0.0-hotfix2
F5 Big-ip Global Traffic Manager>=11.6.1<11.6.2
F5 Big-ip Global Traffic Manager>=12.1.0<12.1.2
F5 Big-ip Global Traffic Manager=11.6.2
F5 Big-ip Global Traffic Manager=12.1.2
F5 Big-ip Global Traffic Manager=12.1.2-hotfix1
F5 Big-ip Global Traffic Manager=13.0.0
F5 Big-ip Global Traffic Manager=13.0.0-hotfix1
F5 Big-ip Global Traffic Manager=13.0.0-hotfix2
F5 Big-ip Link Controller>=11.6.1<11.6.2
F5 Big-ip Link Controller>=12.1.0<12.1.2
F5 Big-ip Link Controller=11.6.2
F5 Big-ip Link Controller=12.1.2
F5 Big-ip Link Controller=12.1.2-hotfix1
F5 Big-ip Link Controller=13.0.0
F5 Big-ip Link Controller=13.0.0-hotfix1
F5 Big-ip Link Controller=13.0.0-hotfix2
F5 Big-ip Local Traffic Manager>=11.6.1<11.6.2
F5 Big-ip Local Traffic Manager>=12.1.0<12.1.2
F5 Big-ip Local Traffic Manager=11.6.2
F5 Big-ip Local Traffic Manager=12.1.2
F5 Big-ip Local Traffic Manager=12.1.2-hotfix1
F5 Big-ip Local Traffic Manager=13.0.0
F5 Big-ip Local Traffic Manager=13.0.0-hotfix1
F5 Big-ip Local Traffic Manager=13.0.0-hotfix2
F5 Big-ip Policy Enforcement Manager>=11.6.1<11.6.2
F5 Big-ip Policy Enforcement Manager>=12.1.0<12.1.2
F5 Big-ip Policy Enforcement Manager=11.6.2
F5 Big-ip Policy Enforcement Manager=12.1.2
F5 Big-ip Policy Enforcement Manager=12.1.2-hotfix1
F5 Big-ip Policy Enforcement Manager=13.0.0
F5 Big-ip Policy Enforcement Manager=13.0.0-hotfix1
F5 Big-ip Policy Enforcement Manager=13.0.0-hotfix2
F5 SSL Orchestrator>=11.6.1<11.6.2
F5 SSL Orchestrator>=12.1.0<12.1.2
F5 SSL Orchestrator=11.6.2
F5 SSL Orchestrator=12.1.2
F5 SSL Orchestrator=12.1.2-hotfix1
F5 SSL Orchestrator=13.0.0
F5 SSL Orchestrator=13.0.0-hotfix1
F5 SSL Orchestrator=13.0.0-hotfix2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203