Risk
Low
Patch available
NO
Number of vulnerabilities
3
CVE ID
CVE-2020-25684CVE-2020-25685CVE-2020-25686
CWE ID
CWE-345CWE-327
Exploitation vector
Network
Public exploit
Public exploit code for vulnerability #1 is available.Public exploit code for vulnerability #2 is available.Public exploit code for vulnerability #3 is available.
Vulnerable softwareSubscribe
F5OSOperating systems & Components / Operating system
Vendor
F5 Networks, Inc.
Security Advisory
3) Insufficient verification of data authenticity
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-25686
CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected software does not check for an existing pending request for the same name and forwards a new request. A remote attacker can perform a DNS cache poisoning attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to ..
Support the originator by clicking the read the rest link below.