Information security specialists reported the detection of two security flaws affecting several firewall models developed by technology firm F5 Networks. According to the report, successful exploitation would allow malicious hackers to deploy severe attack scenarios.
Below are brief descriptions of the reported flaws, in addition to their assigned tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-25704: A memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER in BIG-IQ Centralized Management would allow local users to deploy a denial of service (DoS) condition.
The flaw received a CVSS score of 5.1/10.
According to the report, the flaw lies in the following versions of BIG-IQ Centralized Management: 7.0.0 – 8.1.0.
CVE-2020-25704: A memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER would allow local users to deploy DoS attacks.
This is a low severity flaw and received a CVSS score of 5.1/10.
The flaw resides in all versions of F5OS between 1.0.0 & 1.3.1.
Patches to address these flaws are now available, so users of affected deployments are encouraged to upgrade as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.