HomePentest-Tools.com Logo

F5 BIG-IP TMUI - Remote Code Execution CVE-2020-5902

Severity
CVSSv3 Score
9.8
Vulnerability description

F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Apply the necessary security patches or upgrade to a non-vulnerable version of F5 BIG-IP TMUI.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Jul 1, 2020
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available