CVE-2020-27715
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/12/2020
Last modified:
28/12/2020
Description
On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.1 (excluding) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.1 (excluding) |
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.1 (excluding) |
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.1 (excluding) |
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.1 (excluding) |
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.1 (excluding) |
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.1.1 (excluding) |
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* | 14.1.0 (including) | 14.1.3.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page