Rewterz Threat Advisory – CVE-2020-5947 – F5 BIG-IP security bypass

November 23, 2020

Severity

Medium

Analysis Summary

CVE-2020-5947

F5 BIG-IP could allow a remote authenticated attacker to bypass security restrictions, caused by the ability to obtain TCP sequence numbers. By spoofing TCP packets, an attacker could exploit this vulnerability to perform TCP sequence prediction attack.

Impact

Security bypass

Affected Vendors

Affected Products

F5 BIG-IP 15.0.0
F5 BIG-IP 16.0.0
F5 BIG-IP 15.1.1

Remediation

Refer to F5 Security Advisory K64571774 for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K64571774

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Group aka Rattlesnake – Active IOCs

Microsoft Bookings Vulnerability Allowed Attackers to Modify Meeting Details

ClickFix Scheme Used by Russian Hackers to Deploy Espionage Malware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2020-13671 – Drupal Core Critical Remote Code Execution Vulnerability

Rewterz Threat Alert – Trickbot IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.