CVE-2020-5893
low-risk
Published 2020-04-30
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10
Low
NETWORK
/ HIGH complexity
Affected Products (2)
Affected Vendors
References (2)
Vendor Advisory
https://support.f5.com/csp/article/K97733133
Vendor Advisory
https://support.f5.com/csp/article/K97733133
21
/ 100
low-risk
Severity
13/34 · Low
Exploitability
1/34 · Minimal
Exposure
7/34 · Low