Vulnerability Description
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Access Policy Manager | >= 14.1.0, <= 14.1.2.2 |
| F5 | Big-Ip Advanced Firewall Manager | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Analytics | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Application Acceleration Manager | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Application Security Manager | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Domain Name System | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Fraud Protection Service | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Global Traffic Manager | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Link Controller | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Local Traffic Manager | >= 14.1.0, <= 14.1.2 |
| F5 | Big-Ip Policy Enforcement Manager | >= 14.1.0, <= 14.1.2 |
References
- https://support.f5.com/csp/article/K01054113Vendor Advisory
- https://support.f5.com/csp/article/K01054113Vendor Advisory
FAQ
What is CVE-2020-5862?
CVE-2020-5862 is a vulnerability with a CVSS score of 7.5 (HIGH). On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. T...
How severe is CVE-2020-5862?
CVE-2020-5862 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5862?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Application Security Manager.