CVE-2020-5863 — HIGH (8.6) — White Hats Nepal

Q: How severe is CVE-2020-5863?

CVE-2020-5863 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5863?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Controller, Netapp Cloud Backup.

Vulnerability Description

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
F5	Nginx Controller	>= 2.0.0, <= 2.9.0
Netapp	Cloud Backup	-

References

https://security.netapp.com/advisory/ntap-20200430-0005/Third Party Advisory
https://support.f5.com/csp/article/K14631834Vendor Advisory
https://security.netapp.com/advisory/ntap-20200430-0005/Third Party Advisory
https://support.f5.com/csp/article/K14631834Vendor Advisory

FAQ

What is CVE-2020-5863?

CVE-2020-5863 is a vulnerability with a CVSS score of 8.6 (HIGH). In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to uplo...

How severe is CVE-2020-5863?

CVE-2020-5863 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5863?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Controller, Netapp Cloud Backup.