CVE-2020-5902
Vulnerability from cvelistv5
Published
2020-07-01 00:00
Modified
2024-08-04 08:47
Severity ?
EPSS score ?
Summary
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
References
Impacted products
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2021-11-03
Due date: 2022-05-03
Required action: Apply updates per vendor instructions.
Used in ransomware: Known
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-5902
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K52145254"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html"
},
{
"name": "VU#290915",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/290915"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/"
},
{
"tags": [
"x_transferred"
],
"url": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://swarm.ptsecurity.com/rce-in-f5-big-ip/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T03:06:51.520317",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"url": "https://support.f5.com/csp/article/K52145254"
},
{
"url": "http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html"
},
{
"name": "VU#290915",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/290915"
},
{
"url": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/"
},
{
"url": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/"
},
{
"url": "http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html"
},
{
"url": "https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902"
},
{
"url": "http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html"
},
{
"url": "https://swarm.ptsecurity.com/rce-in-f5-big-ip/"
},
{
"url": "http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2020-5902",
"datePublished": "2020-07-01T00:00:00",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:47:40.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"cisa_known_exploited": {
"cveID": "CVE-2020-5902",
"cwes": "[\"CWE-22\"]",
"dateAdded": "2021-11-03",
"dueDate": "2022-05-03",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2020-5902",
"product": "BIG-IP",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.",
"vendorProject": "F5",
"vulnerabilityName": "F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-5902\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2020-07-01T15:15:15.360\",\"lastModified\":\"2024-07-25T16:42:50.637\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.\"},{\"lang\":\"es\",\"value\":\"En BIG-IP versiones 15.0.0 hasta 15.1.0.3, 14.1.0 hasta 14.1.2.5, 13.1.0 hasta 13.1.3.3, 12.1.0 hasta 12.1.5.1 y 11.6.1 hasta 11.6.5.1, el Traffic Management User Interface (TMUI), tambi\u00e9n se conoce como la utilidad de Configuraci\u00f3n, presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) en p\u00e1ginas no reveladas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"BB236652-BD60-4FEF-9D59-8B49FB3A7655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"EE0532FA-7B7B-46B3-AB10-0920034A7E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"592327AA-BCC4-4CD0-82C6-EA739F049E82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"3A49F18E-2004-4BDB-BA3F-93C52B23CCA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.0.1.4\",\"matchCriteriaId\":\"65C2E51D-76FF-4604-B9A6-1EB48AAF1CA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"11F32785-49DA-4C57-AD28-BC630E55222A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"ADB2B518-F813-4B11-BBF5-0BFB2979A6B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"3B3DCE49-C37D-4951-AB57-7CDDEBA1C1E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"3DD78D19-D17E-45EC-98C7-74D086AE68AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"0CDD8550-E2BC-44B4-857C-706D2DC769F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"5B59E16D-7645-492A-9C1D-A8724FFCA28F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"EFB71683-C715-41DB-A42E-4269D26D5DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"E64263B7-7BE1-472E-9130-7BC8F2932683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"694C630B-5342-4C6C-A0FA-050B9C76936D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"EC400989-FE65-4DEC-B9DD-7BEF6EB72DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"708FD0A9-5167-45B5-80A1-85F105365C98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"7FBF20C1-5B3C-4DC0-B6F7-4DB0205BF2B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"B8434935-CE50-4CE7-BA17-6966E71BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"31E16A1B-E305-4390-976C-5F33A82EF396\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"0C3E75CB-C764-4868-8459-1FAC03506EE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"F1C551C9-169C-450E-965A-4F9F3E2C785B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"32E6595B-27F1-4298-9B72-5618A5A0605A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"92F370C2-3C5A-416D-83C1-A4F84866E958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"B8E7820D-A574-41C8-A602-05A825F26726\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"0FB118FB-2EFB-4F17-B6E1-FC4B46B9C265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"5D3F7911-FB00-4612-9109-9E7A407BC7B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"B547F46F-5563-4E7F-8B69-3D25C6C58521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"6317DD02-5FC5-4476-8F63-8A7915440F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"997D12F1-098D-4C42-A6A2-B4F59AC78F0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"A7B37CD3-4B52-4761-9BEC-5D4CC57783B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"8999F566-9884-4CAA-BED7-8CF72F11E6F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"91BF72A9-EB50-4315-B956-5926967DCC46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"4AEE0B76-3F8E-420A-9589-BF3FDB942DEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"BA19452D-9C3D-41FB-8606-51F90126B2A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"E6C4B56F-D022-4268-9D78-6E4D12AE9215\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"A4C4B36F-ABA3-4C9C-BE94-389A91185CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"EC8B0F64-D0FC-4CC9-94CA-38A55043C529\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"39AECFF0-3A86-45A4-AB7F-DCC3717E8E97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"3F8B4719-B7C7-4383-B74B-119DD5F51773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"FE999923-5893-44D4-9212-E94990A3F1A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"62F2CBB9-C4FE-4065-8F13-E677E572F4B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"1E34F61C-1C60-4BA7-A282-C5B295A7241C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"F997F6D8-D08D-4EB0-BEA7-288AEFD6F28C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"73EC8EDA-669A-4750-934F-3B3FBF557080\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"C7917031-0735-483C-A8DA-11430056D568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"357FD2B0-3437-4D26-9D84-FE1449E37A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"EAFC0D83-7F64-44F2-A014-37DE3CAF846A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"0DB7EE01-966A-40EB-8F49-AFE22B1FAF31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"925DA0B2-7570-4819-845C-C35E5B168F80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"A0581EEF-98E6-4961-8178-BA2D7647F931\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"FFC5C221-AE58-4580-876A-E5FD7970A695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"5746AE6E-9D1B-4275-A756-4FFBEE9FC6D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"920BC3DD-A1D4-403B-83D2-00636C20FFC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"3CD1518D-E884-4B38-96CB-2C02493352B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"A4A036A0-5E0C-4E64-B88D-D1B61257896E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"32773569-67FE-4F08-A613-E507FCDEACEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"463AA399-492A-4DB6-BFD1-31725012AE8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"A52B5EA8-31E5-4CDB-81FB-3AE8251F29CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"49C8BE4A-DED6-451A-B6EE-AC95DD26F85A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"AB170091-1F18-46D7-8164-ACC9B05954E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"97AB336E-2A10-4508-9F20-DB54D628355F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"4494F771-4026-478C-8004-B162653DC80C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"98314370-E3C8-4CB5-9F48-57004EB96D8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"2B1AC241-FE68-4275-8992-7575AA8AD118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"DEC0E30F-6550-4BC9-8DA7-6BD495DBF415\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"D30769C3-F8CB-491A-8E51-0147AA07DDA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"54D289F0-1896-4996-AEDF-B299C6DB8945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"A97489DC-A5DE-48AD-BBA2-F9078070F53A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"FBF128B7-874B-4E3A-B52F-1C2DE34F64A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"29F4E502-D8D5-4719-986F-90BC08B3DC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"D5D90F4A-FA2A-412F-8591-D1CA6399ECAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"ABAFAE9B-AA80-4D3B-AA3A-4ED5C3BE6113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"78F7A30F-4455-420D-9254-E9910E16EC3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"1EDB944B-DF60-45AF-AD60-33E9667E0D12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"20C58940-C7A3-47A9-8C9E-7B652E4F4750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"67516A0B-7359-42DE-B318-6979DEEFC229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"BAD2867D-D646-4B01-A383-6A47B51D059E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"7E314109-D770-4055-9248-2BE25B0EF084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndExcluding\":\"11.6.5.2\",\"matchCriteriaId\":\"53F1F7BD-512D-46D4-A888-A2670DEB1C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.5.2\",\"matchCriteriaId\":\"AE483701-8CB3-4745-BD47-B022EBEA2CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.3.4\",\"matchCriteriaId\":\"57A7A47C-DBC5-4D1B-9C54-4A04C16BD904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.2.6\",\"matchCriteriaId\":\"6B4BC535-7F99-45F4-9094-29B52DEB8168\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.0.1.4\",\"matchCriteriaId\":\"4F54A8AE-61F3-4F43-82BF-55842B56064A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.0.4\",\"matchCriteriaId\":\"0F20F608-2930-41F2-A720-B8638395FF44\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K52145254\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://swarm.ptsecurity.com/rce-in-f5-big-ip/\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/290915\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.