cnvd - cnvd-2020-51553

CNVD-2020-51553

Vulnerability from cnvd - Published: 2020-09-11

Title

F5 NGINX Controller授权问题漏洞（CNVD-2020-51553）

Description

F5 NGINX Controller是美国F5公司的一款用于NGINX的集中式监视和管理平台。该平台支持使用可视化界面管理多个NGINX实例。 F5 NGINX Controller 3.0.0版本至3.4.0版本中的NGINX Controller存在授权问题漏洞，该漏洞源于数据库中以纯文本格式传输并存储更改用户密码所需的恢复码，攻击者可利用该漏洞更改用户的用户密码，如果用户是管理员用户则攻击者可以完全控制NGINX Controller系统。

Severity

中

Patch Name

F5 NGINX Controller授权问题漏洞（CNVD-2020-51553）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.f5.com/csp/article/K25434422

Reference

https://www.auscert.org.au/bulletins/ESB-2020.2025/

Impacted products

Name
F5 NGINX Controller >=3.0.0，<=3.4.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5899"
    }
  },
  "description": "F5 NGINX Controller\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8eNGINX\u7684\u96c6\u4e2d\u5f0f\u76d1\u89c6\u548c\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u4f7f\u7528\u53ef\u89c6\u5316\u754c\u9762\u7ba1\u7406\u591a\u4e2aNGINX\u5b9e\u4f8b\u3002\n\nF5 NGINX Controller 3.0.0\u7248\u672c\u81f33.4.0\u7248\u672c\u4e2d\u7684NGINX Controller\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6570\u636e\u5e93\u4e2d\u4ee5\u7eaf\u6587\u672c\u683c\u5f0f\u4f20\u8f93\u5e76\u5b58\u50a8\u66f4\u6539\u7528\u6237\u5bc6\u7801\u6240\u9700\u7684\u6062\u590d\u7801\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7528\u6237\u7684\u7528\u6237\u5bc6\u7801\uff0c\u5982\u679c\u7528\u6237\u662f\u7ba1\u7406\u5458\u7528\u6237\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236NGINX Controller\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.f5.com/csp/article/K25434422",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-51553",
  "openTime": "2020-09-11",
  "patchDescription": "F5 NGINX Controller\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8eNGINX\u7684\u96c6\u4e2d\u5f0f\u76d1\u89c6\u548c\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u4f7f\u7528\u53ef\u89c6\u5316\u754c\u9762\u7ba1\u7406\u591a\u4e2aNGINX\u5b9e\u4f8b\u3002\r\n\r\nF5 NGINX Controller 3.0.0\u7248\u672c\u81f33.4.0\u7248\u672c\u4e2d\u7684NGINX Controller\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6570\u636e\u5e93\u4e2d\u4ee5\u7eaf\u6587\u672c\u683c\u5f0f\u4f20\u8f93\u5e76\u5b58\u50a8\u66f4\u6539\u7528\u6237\u5bc6\u7801\u6240\u9700\u7684\u6062\u590d\u7801\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7528\u6237\u7684\u7528\u6237\u5bc6\u7801\uff0c\u5982\u679c\u7528\u6237\u662f\u7ba1\u7406\u5458\u7528\u6237\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236NGINX Controller\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 NGINX Controller\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2020-51553\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "F5 NGINX Controller \u003e=3.0.0\uff0c\u003c=3.4.0"
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.2025/",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-12",
  "title": "F5 NGINX Controller\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2020-51553\uff09"
}

CVE-2020-5899 (GCVE-0-2020-5899)

Vulnerability from cvelistv5 – Published: 2020-07-01 14:01 – Updated: 2024-08-04 08:47

Summary

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.

Severity ?

No CVSS data available.

CWE

account hijacking

Assigner

References

URL

Tags

https://support.f5.com/csp/article/K25434422

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	NGINX Controller	Affected: 3.0.0-3.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:47:40.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K25434422"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NGINX Controller",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0-3.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user\u0027s password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "account hijacking",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-01T14:01:58",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/csp/article/K25434422"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2020-5899",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NGINX Controller",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.0-3.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user\u0027s password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "account hijacking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K25434422",
              "refsource": "MISC",
              "url": "https://support.f5.com/csp/article/K25434422"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2020-5899",
    "datePublished": "2020-07-01T14:01:58",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:47:40.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-51553

CVE-2020-5899 (GCVE-0-2020-5899)

Tags

Sightings

Nomenclature