Vulnerability Description
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Access Policy Manager | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Advanced Firewall Manager | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Advanced Web Application Firewall | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Analytics | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Application Acceleration Manager | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Application Security Manager | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Ddos Hybrid Defender | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Domain Name System | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Fraud Protection Service | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Global Traffic Manager | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Link Controller | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Local Traffic Manager | >= 11.6.1, < 11.6.5.2 |
| F5 | Big-Ip Policy Enforcement Manager | >= 11.6.1, < 11.6.5.2 |
| F5 | Ssl Orchestrator | >= 11.6.1, < 11.6.5.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.htExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.htThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-FExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.htmlThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-FExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-FExploitThird Party AdvisoryVDB Entry
- https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902ExploitThird Party Advisory
- https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902Broken LinkExploitThird Party Advisory
- https://support.f5.com/csp/article/K52145254Vendor Advisory
- https://swarm.ptsecurity.com/rce-in-f5-big-ip/ExploitThird Party Advisory
- https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/ExploitThird Party Advisory
- https://www.kb.cert.org/vuls/id/290915Third Party AdvisoryUS Government Resource
- http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.htExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.htThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-FExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2020-5902?
CVE-2020-5902 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility,...
How severe is CVE-2020-5902?
CVE-2020-5902 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-5902?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Advanced Web Application Firewall, F5 Big-Ip Analytics, F5 Big-Ip Application Acceleration Manager.