CVE-2020-5851

Name: CVE-2020-5851
Creator: NVD / NIST
Published: 2020-01-14T16:15:11.917+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.6/10EPSS 0.33%

Last modified Jun 17, 2026

CVE-2020-5851 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG

Metrics

CVSS 3.1

4.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

0.33%

25.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
F5	Big-Ip Local Traffic Manager	14.1.0.2.0.45.4
F5	Big-Ip Local Traffic Manager	14.1.0.2.0.62.4
F5	Big-Ip Advanced Firewall Manager	14.1.0.2.0.45.4
F5	Big-Ip Advanced Firewall Manager	14.1.0.2.0.62.4
F5	Big-Ip Application Acceleration Manager	14.1.0.2.0.45.4
F5	Big-Ip Application Acceleration Manager	14.1.0.2.0.62.4
F5	Big-Ip Analytics	14.1.0.2.0.45.4
F5	Big-Ip Analytics	14.1.0.2.0.62.4
F5	Big-Ip Access Policy Manager	14.1.0.2.0.45.4
F5	Big-Ip Access Policy Manager	14.1.0.2.0.62.4
F5	Big-Ip Application Security Manager	14.1.0.2.0.45.4
F5	Big-Ip Application Security Manager	14.1.0.2.0.62.4
F5	Big-Ip Edge Gateway	14.1.0.2.0.45.4
F5	Big-Ip Edge Gateway	14.1.0.2.0.62.4
F5	Big-Ip Fraud Protection Service	14.1.0.2.0.45.4
F5	Big-Ip Fraud Protection Service	14.1.0.2.0.62.4
F5	Big-Ip Global Traffic Manager	14.1.0.2.0.45.4
F5	Big-Ip Global Traffic Manager	14.1.0.2.0.62.4
F5	Big-Ip Link Controller	14.1.0.2.0.45.4
F5	Big-Ip Link Controller	14.1.0.2.0.62.4
F5	Big-Ip Policy Enforcement Manager	14.1.0.2.0.45.4
F5	Big-Ip Policy Enforcement Manager	14.1.0.2.0.62.4
F5	Big-Ip Webaccelerator	14.1.0.2.0.45.4
F5	Big-Ip Webaccelerator	14.1.0.2.0.62.4
F5	Big-Ip Domain Name System	14.1.0.2.0.45.4
F5	Big-Ip Domain Name System	14.1.0.2.0.62.4

References

https://support.f5.com/csp/article/K91171450Vendor Advisory
https://support.f5.com/csp/article/K91171450Vendor Advisory

Timeline

Published: Jan 14, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-5851?

How severe is CVE-2020-5851?

CVE-2020-5851 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.

How do I fix CVE-2020-5851?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-5851?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST