CVE-2020-5902

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-07-2020 05:15

Last modified: - 03-05-2022 03:59

Total changes: - 3

Description

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_access_policy_manager AND versionEndIncluding=15.0.1.4 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_advanced_web_application_firewall AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_advanced_web_application_firewall AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_advanced_web_application_firewall AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_advanced_web_application_firewall AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_advanced_web_application_firewall AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_advanced_web_application_firewall AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_ddos_hybrid_defender AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_ddos_hybrid_defender AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_ddos_hybrid_defender AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_ddos_hybrid_defender AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_ddos_hybrid_defender AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_ddos_hybrid_defender AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

vendor=f5 AND product=ssl_orchestrator AND versionStartIncluding=11.6.1 AND versionEndExcluding=11.6.5.2

vendor=f5 AND product=ssl_orchestrator AND versionStartIncluding=12.1.0 AND versionEndExcluding=12.1.5.2

vendor=f5 AND product=ssl_orchestrator AND versionStartIncluding=13.1.0 AND versionEndExcluding=13.1.3.4

vendor=f5 AND product=ssl_orchestrator AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.6

vendor=f5 AND product=ssl_orchestrator AND versionStartIncluding=15.0.0 AND versionEndExcluding=15.0.1.4

vendor=f5 AND product=ssl_orchestrator AND versionStartIncluding=15.1.0 AND versionEndExcluding=15.1.0.4

Reference

Keywords

CVE-2020-5902

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-5902

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures