Information security specialists reported the detection of two security flaws affecting several firewall models developed by technology firm F5 Networks. According to the report, successful exploitation would allow malicious hackers to carry out severe attacks.

Below are brief descriptions of the reported flaws, along with their assigned tracking identifiers and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-25704: A memory leak in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER in BIG-IQ Centralized Management would allow local users to cause a denial of service (DoS) condition.

The flaw received a CVSS score of 5.1/10.

According to the report, the flaw lies in the following versions of BIG-IQ Centralized Management: 7.0.0 – 8.1.0.

CVE-2020-25704: A memory leak in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER would allow local users to cause a denial of service (DoS) condition.

This is a low severity flaw and received a CVSS score of 5.1/10.

The flaw resides in all versions of F5OS between 1.0.0 and 1.3.1.

Patches to address these flaws are now available, so users of affected deployments are encouraged to upgrade as soon as possible.

The post Important memory leak vulnerabilities in F5 firewalls: Patch immediately appeared first on Information Security Newspaper | Hacking News.
