CVE-2020-27720
CVE-2020-27720 is a high-severity vulnerability in F5 Big-ip Carrier-grade Nat with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 4.3
- EPSS exploit prediction: 1% (70th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: F5 Big-ip Carrier-grade Nat
- Published:
- Last modified:
Description
On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart.
Frequently asked questions
- What is CVE-2020-27720?
- On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart.
- How severe is CVE-2020-27720?
- CVE-2020-27720 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2020-27720 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (70th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2020-27720?
- CVE-2020-27720 primarily affects F5 Big-ip Carrier-grade Nat. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2020-27720?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2020-27720 published?
- CVE-2020-27720 was published on 2020-12-24 and last updated on 2026-06-17.
References
Affected products (2)
- cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
More vulnerabilities in F5 Big-ip Carrier-grade Nat
- CVE-2023-41373 — Critical (CVSS 9.9): A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker…
- CVE-2023-46747 — Critical (CVSS 9.8): Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the…
- CVE-2026-41225 — Critical (CVSS 9.1): A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager…
- CVE-2026-41957 — High (CVSS 8.8): An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ…
- CVE-2025-20029 — High (CVSS 8.8): Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an…
- CVE-2023-46748 — High (CVSS 8.8): An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an…