VulnInfo:
- CVE ID: CVE-2020-5886
- Published Date: Apr 30, 2020
- Updated Date: Feb 22, 2023
- Summary: BIG-IP systems in High Availability (HA) configurations may expose sensitive cryptographic objects over insecure channels in connection-mirroring setups.
- Impact: On-path attackers could read or modify the Diffie-Hellman parameters of SSL/TLS-enabled virtual servers.
- Severity: CVSSv3 score 4.8 (Medium)
- Affected Products/Version Pairs:
  - BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM):
    - 15.0.0 -> 15.1.0 (Fixed: 15.1.0.2)
    - 14.1.0 -> 14.1.2 (Fixed: 14.1.2.5)
    - 13.1.0 -> 13.1.3 (Fixed: 13.1.3.4)
    - 12.1.0 -> 12.1.5 (Fixed: 12.1.5.2)
    - 11.x: Not applicable
Mitigation:
- Enable 'statemirror.secure' in TMOS.
- Protect the VLAN used for mirroring from untrusted access.