{ "id": "CVE-2020-5902", "sourceIdentifier": "f5sirt@f5.com", "published": "2020-07-01T15:15:15.360", "lastModified": "2025-01-29T21:15:09.890", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages." }, { "lang": "es", "value": "En BIG-IP versiones 15.0.0 hasta 15.1.0.3, 14.1.0 hasta 14.1.2.5, 13.1.0 hasta 13.1.3.3, 12.1.0 hasta 12.1.5.1 y 11.6.1 hasta 11.6.5.1, el Traffic Management User Interface (TMUI), tambi\u00e9n se conoce como la utilidad de Configuraci\u00f3n, presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) en p\u00e1ginas no reveladas" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "baseScore": 10.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2022-05-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability", "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "BB236652-BD60-4FEF-9D59-8B49FB3A7655" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "EE0532FA-7B7B-46B3-AB10-0920034A7E43" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "592327AA-BCC4-4CD0-82C6-EA739F049E82" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "3A49F18E-2004-4BDB-BA3F-93C52B23CCA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndIncluding": "15.0.1.4", "matchCriteriaId": "65C2E51D-76FF-4604-B9A6-1EB48AAF1CA6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "11F32785-49DA-4C57-AD28-BC630E55222A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "ADB2B518-F813-4B11-BBF5-0BFB2979A6B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "3B3DCE49-C37D-4951-AB57-7CDDEBA1C1E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "3DD78D19-D17E-45EC-98C7-74D086AE68AA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "0CDD8550-E2BC-44B4-857C-706D2DC769F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "5B59E16D-7645-492A-9C1D-A8724FFCA28F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "EFB71683-C715-41DB-A42E-4269D26D5DD3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "E64263B7-7BE1-472E-9130-7BC8F2932683" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "694C630B-5342-4C6C-A0FA-050B9C76936D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "EC400989-FE65-4DEC-B9DD-7BEF6EB72DC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "708FD0A9-5167-45B5-80A1-85F105365C98" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "7FBF20C1-5B3C-4DC0-B6F7-4DB0205BF2B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "B8434935-CE50-4CE7-BA17-6966E71BC9FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "31E16A1B-E305-4390-976C-5F33A82EF396" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "0C3E75CB-C764-4868-8459-1FAC03506EE8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "F1C551C9-169C-450E-965A-4F9F3E2C785B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "32E6595B-27F1-4298-9B72-5618A5A0605A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "92F370C2-3C5A-416D-83C1-A4F84866E958" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "B8E7820D-A574-41C8-A602-05A825F26726" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "0FB118FB-2EFB-4F17-B6E1-FC4B46B9C265" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "5D3F7911-FB00-4612-9109-9E7A407BC7B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "B547F46F-5563-4E7F-8B69-3D25C6C58521" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "6317DD02-5FC5-4476-8F63-8A7915440F94" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "997D12F1-098D-4C42-A6A2-B4F59AC78F0F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "A7B37CD3-4B52-4761-9BEC-5D4CC57783B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "8999F566-9884-4CAA-BED7-8CF72F11E6F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "91BF72A9-EB50-4315-B956-5926967DCC46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "4AEE0B76-3F8E-420A-9589-BF3FDB942DEB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "BA19452D-9C3D-41FB-8606-51F90126B2A0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "E6C4B56F-D022-4268-9D78-6E4D12AE9215" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "A4C4B36F-ABA3-4C9C-BE94-389A91185CE5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "EC8B0F64-D0FC-4CC9-94CA-38A55043C529" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "39AECFF0-3A86-45A4-AB7F-DCC3717E8E97" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "3F8B4719-B7C7-4383-B74B-119DD5F51773" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "FE999923-5893-44D4-9212-E94990A3F1A7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "62F2CBB9-C4FE-4065-8F13-E677E572F4B9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "1E34F61C-1C60-4BA7-A282-C5B295A7241C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "F997F6D8-D08D-4EB0-BEA7-288AEFD6F28C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "73EC8EDA-669A-4750-934F-3B3FBF557080" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "C7917031-0735-483C-A8DA-11430056D568" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "357FD2B0-3437-4D26-9D84-FE1449E37A74" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "EAFC0D83-7F64-44F2-A014-37DE3CAF846A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "0DB7EE01-966A-40EB-8F49-AFE22B1FAF31" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "925DA0B2-7570-4819-845C-C35E5B168F80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "A0581EEF-98E6-4961-8178-BA2D7647F931" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "FFC5C221-AE58-4580-876A-E5FD7970A695" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "5746AE6E-9D1B-4275-A756-4FFBEE9FC6D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "920BC3DD-A1D4-403B-83D2-00636C20FFC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "3CD1518D-E884-4B38-96CB-2C02493352B3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "A4A036A0-5E0C-4E64-B88D-D1B61257896E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "32773569-67FE-4F08-A613-E507FCDEACEF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "463AA399-492A-4DB6-BFD1-31725012AE8F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "A52B5EA8-31E5-4CDB-81FB-3AE8251F29CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "49C8BE4A-DED6-451A-B6EE-AC95DD26F85A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "AB170091-1F18-46D7-8164-ACC9B05954E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "97AB336E-2A10-4508-9F20-DB54D628355F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "4494F771-4026-478C-8004-B162653DC80C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "98314370-E3C8-4CB5-9F48-57004EB96D8F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "2B1AC241-FE68-4275-8992-7575AA8AD118" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "DEC0E30F-6550-4BC9-8DA7-6BD495DBF415" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "D30769C3-F8CB-491A-8E51-0147AA07DDA4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "54D289F0-1896-4996-AEDF-B299C6DB8945" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "A97489DC-A5DE-48AD-BBA2-F9078070F53A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "FBF128B7-874B-4E3A-B52F-1C2DE34F64A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "29F4E502-D8D5-4719-986F-90BC08B3DC16" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "D5D90F4A-FA2A-412F-8591-D1CA6399ECAD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "ABAFAE9B-AA80-4D3B-AA3A-4ED5C3BE6113" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "78F7A30F-4455-420D-9254-E9910E16EC3F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "1EDB944B-DF60-45AF-AD60-33E9667E0D12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "20C58940-C7A3-47A9-8C9E-7B652E4F4750" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "67516A0B-7359-42DE-B318-6979DEEFC229" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "BAD2867D-D646-4B01-A383-6A47B51D059E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "7E314109-D770-4055-9248-2BE25B0EF084" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.1", "versionEndExcluding": "11.6.5.2", "matchCriteriaId": "53F1F7BD-512D-46D4-A888-A2670DEB1C4F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndExcluding": "12.1.5.2", "matchCriteriaId": "AE483701-8CB3-4745-BD47-B022EBEA2CA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndExcluding": "13.1.3.4", "matchCriteriaId": "57A7A47C-DBC5-4D1B-9C54-4A04C16BD904" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndExcluding": "14.1.2.6", "matchCriteriaId": "6B4BC535-7F99-45F4-9094-29B52DEB8168" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.1.4", "matchCriteriaId": "4F54A8AE-61F3-4F43-82BF-55842B56064A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.0.4", "matchCriteriaId": "0F20F608-2930-41F2-A720-B8638395FF44" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html", "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html", "source": "f5sirt@f5.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html", "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html", "source": "f5sirt@f5.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html", "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html", "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/", "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902", "source": "f5sirt@f5.com", "tags": [ "Broken Link", "Exploit", "Third Party Advisory" ] }, { "url": "https://support.f5.com/csp/article/K52145254", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://swarm.ptsecurity.com/rce-in-f5-big-ip/", "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/", "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://www.kb.cert.org/vuls/id/290915", "source": "f5sirt@f5.com", "tags": [ "Third Party Advisory", "US Government Resource" ] }, { "url": "http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Third Party Advisory" ] }, { "url": "https://support.f5.com/csp/article/K52145254", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://swarm.ptsecurity.com/rce-in-f5-big-ip/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://www.kb.cert.org/vuls/id/290915", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ] } ] }