CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 100.0%
F5 Traffic Management User Interface (TMUI)
Severity:
Severity level: High
Impact: Arbitrary code execution in F5 Traffic Management User Interface (TMUI)
Access Vector: Remote
CVSS v3.1: Base 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2020-5902
Vulnerability description:
The vulnerability allows unauthorized remote attackers to execute malicious code on the system, obtain sensitive information, or hijack traffic, as well as use the server with the Traffic Management User Interface (TMUI) for attacks on other internal resources of the target organization.
Advisory status:
01.04.2020 - Vendor notification date
01.07.2020 - Security advisory publication date (<https://support.f5.com/csp/article/K52145254>)
Credits:
The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies