Lucene search

K
ptsecurityPositive TechnologiesPT-2020-05
HistoryJan 04, 2020 - 12:00 a.m.

PT-2020-05: Cross-site scripting (XSS) in F5 Traffic Management User Interface (TMUI)

2020-01-0400:00:00
Positive Technologies
www.ptsecurity.com
15

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.9%

PT-2020-05: Cross-site scripting (XSS) in F5 Traffic Management User Interface (TMUI)

F5 Traffic Management User Interface (TMUI)

Severity:

Severity level: High
Impact: Cross-site scripting (XSS) in F5 Traffic Management User Interface (TMUI)
Access Vector: Remote

CVSS v3.1: Base 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE: CVE-2020-5903

Vulnerability description:

The vulnerability allows remote attackers to execute malicious JavaScript code in the context of the current user. If the logged-on user has administrative rights and Advanced Shell (bash) access, an attacker who successfully exploited the vulnerability could fully compromise the BIG-IP system.

Advisory status:

01.04.2020 - Vendor notification date
01.07.2020 - Security advisory publication date (<https://support.f5.com/csp/article/K43638305&gt;)

Credits:

The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.9%