1. Home
  2. CVE Database
  3. CVE-2020-5851
MEDIUM · 4.6

CVE-2020-5851

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotf...

Vulnerability Description

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
F5Big-Ip Local Traffic Manager14.1.0.2.0.45.4
F5Big-Ip 2800-
F5Big-Ip I10600-
F5Big-Ip I10800-
F5Big-Ip I11600-
F5Big-Ip I11800-
F5Big-Ip I15600-
F5Big-Ip I15800-
F5Big-Ip I2600-
F5Big-Ip I4600-
F5Big-Ip I4800-
F5Big-Ip I5600-
F5Big-Ip I5800-
F5Big-Ip I7600-
F5Big-Ip I7800-
F5Big-Ip I850-
F5Big-Ip Advanced Firewall Manager14.1.0.2.0.45.4
F5Big-Ip Application Acceleration Manager14.1.0.2.0.45.4
F5Big-Ip Analytics14.1.0.2.0.45.4
F5Big-Ip Access Policy Manager14.1.0.2.0.45.4

References

FAQ

What is CVE-2020-5851?

CVE-2020-5851 is a vulnerability with a CVSS score of 4.6 (MEDIUM). On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotf...

How severe is CVE-2020-5851?

CVE-2020-5851 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5851?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip 2800, F5 Big-Ip I10600, F5 Big-Ip I10800, F5 Big-Ip I11600.