QID 375933

F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
F5 BIG-IP (LTM) Local Traffic Manager is the most popular module offered on F5 Networks BIG-IP platform. The real power of the LTM is it is a Full Proxy, allowing you to augment client and server side connections. All while making informed load balancing decisions on availability, performance, and persistence.
F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. (CVE-2019-20892)

Vulnerable Component: BIG-IP ASM, APM, LTM

Affected Versions:
16.0.0 - 16.0.1.0
15.1.0 - 15.1.1

QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

When exploited, this vulnerability may cause the SNMP process to restart, leading to a disruption in SNMP services.