Skip to main content

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVE-2020-5869

Severity High
Score 9.1/10

Summary

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

References

Advisory Timeline

  • Published