F5 BIG-IP - Remote Code Execution CVE-2020-5902
- Severity
- Vulnerability description
- Not available
- Risk description
- Not available
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
- Not available
- References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/https://pentest-tools.com/blog/big-ip-tmui-rce/https://www.exploit-db.com/exploits/48642https://www.exploit-db.com/exploits/48643https://www.exploit-db.com/exploits/48711
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Sniper
- Cisa Kev
Yes- Exploitable with Sniper
- Yes
- CVE Published
- Jun 1, 2020
- Detection added at
- Software Type
- VPN gateway
- Vendor
- F5
- Product
- BIG IP
Detect & validate this vulnerability
Go beyond surface scans. Get real validation with proprietary tools designed to prove what’s exploitable in your environment.