VAR-202007-1103
Vulnerability from variot - Updated: 2023-12-18 12:42In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. There is a security vulnerability in the NGINX controller NATS message service in F5 NGINX Controller version 1.0.1, 2.0.0 to 2.9.0, and 3.0.0 to 3.5.0. The vulnerability stems from the fact that the program does not perform any form of authentication . Attackers can use this vulnerability to eavesdrop on NATS connections and obtain data stored in message queues
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx controller",
"scope": "eq",
"trust": 1.8,
"vendor": "f5",
"version": "1.0.1"
},
{
"model": "nginx controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"model": "nginx controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.0.0"
},
{
"model": "nginx controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.9.0"
},
{
"model": "nginx controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "3.5.0"
},
{
"model": "nginx controller",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "2.0.0 \u304b\u3089 2.9.0"
},
{
"model": "nginx controller",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "3.0.0 \u304b\u3089 3.5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"db": "NVD",
"id": "CVE-2020-5910"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:nginx_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.9.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5910"
}
]
},
"cve": "CVE-2020-5910",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007700",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-184035",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007700",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5910",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-007700",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-106",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-184035",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184035"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"db": "NVD",
"id": "CVE-2020-5910"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. There is a security vulnerability in the NGINX controller NATS message service in F5 NGINX Controller version 1.0.1, 2.0.0 to 2.9.0, and 3.0.0 to 3.5.0. The vulnerability stems from the fact that the program does not perform any form of authentication . Attackers can use this vulnerability to eavesdrop on NATS connections and obtain data stored in message queues",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5910"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"db": "VULHUB",
"id": "VHN-184035"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5910",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007700",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-106",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47053",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2264",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-184035",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184035"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"db": "NVD",
"id": "CVE-2020-5910"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
]
},
"id": "VAR-202007-1103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-184035"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:42:50.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "K59209532",
"trust": 0.8,
"url": "https://support.f5.com/csp/article/k59209532"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184035"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"db": "NVD",
"id": "CVE-2020-5910"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k59209532"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5910"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5910"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2264/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47053"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184035"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"db": "NVD",
"id": "CVE-2020-5910"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-184035"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"db": "NVD",
"id": "CVE-2020-5910"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-184035"
},
{
"date": "2020-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"date": "2020-07-02T13:15:10.373000",
"db": "NVD",
"id": "CVE-2020-5910"
},
{
"date": "2020-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-184035"
},
{
"date": "2020-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007700"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-5910"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Neural Autonomic Transport System Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007700"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-106"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…