F5 BIG-IP APM up to 11.6.5.1/12.1.5/13.1.3.2/14.1.2.3/15.1.0 Portal Access unknown vulnerability

A vulnerability, which was classified as critical, has been found in F5 BIG-IP APM up to 11.6.5.1/12.1.5/13.1.3.2/14.1.2.3/15.1.0 (Firewall Software). This issue affects an unknown function of the component Portal Access. The impact remains unknown. The summary by CVE is:

In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.

The weakness was presented 01/14/2020. The advisory is shared at support.f5.com. The identification of this vulnerability is CVE-2020-5853 since 01/06/2020. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 01/15/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Type

Vendor

Name

Class: Unknown
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: no mitigation known

0-Day Time: 🔒

01/06/2020 CVE assigned
01/14/2020 +8 days Advisory disclosed
01/15/2020 +1 days VulDB entry created
01/15/2020 +0 days VulDB last updateVendor: f5.com

Advisory: support.f5.com

CVE: CVE-2020-5853 (🔒)

Created: 01/15/2020 11:22 AM
Complete: 🔍

Comments are closed.