CVE-2020-5898

EUVD-2020-27052
In versions 7.1.5-7.1.9, the BIG-IP Edge Client Windows Stonewall driver does not sanitize a pointer received from userland. A local user on the Windows client system can send crafted DeviceIoControl requests to the \\.\urvpndrv device, causing the Windows kernel to crash.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
EPSS Score
Percentile: 20%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_access_policy_manager | 11.6.1 ≤ 𝑥 ≤ 11.6.5.1 |
| f5 | big-ip_access_policy_manager | 12.1.0 ≤ 𝑥 ≤ 12.1.5.1 |
| f5 | big-ip_access_policy_manager | 13.1.0 ≤ 𝑥 ≤ 13.1.3.3 |
| f5 | big-ip_access_policy_manager | 14.1.0 ≤ 𝑥 ≤ 14.1.2.5 |
| f5 | big-ip_access_policy_manager | 15.0.0 ≤ 𝑥 ≤ 15.1.0.3 |
| f5 | big-ip_access_policy_manager_client | 7.1.5 ≤ 𝑥 ≤ 7.1.9 |

𝑥 = Vulnerable software versions