BIG-IP Vulnerabilities Could be Big Trouble for Customers

Published: 23/11/2024   Category: security




Left unpatched, a pair of vulnerabilities could give attackers wide access to a victim's application delivery network.



Two vulnerabilities, including one with a Common Vulnerability Scoring System (CVSS) score of 10, have been discovered in the F5 BIG-IP application delivery controller. Both vulnerabilities have now been patched in updates available to BIG-IP customers.
The more serious of the two, CVE-2020-5902, was a remote code execution vulnerability in the Traffic Management User Interface (TMUI). By exploiting this vulnerability, an unauthorized user could create or delete files, disable services, intercept information, run arbitrary system commands and Java code, completely compromise the system, and pursue further targets. Positive Technologies researcher Mikhail Klyuchnikov noted that this vulnerability is especially dangerous for that minority of BIG-IP owners who have exposed the TMUI to the Internet, where it can be discovered by tools such as Shodan.
The other vulnerability, CVE-2020-5903, is a cross-site scripting vulnerability in the BIG-IP Configuration utility. It could allow JavaScript to run with the permissions of the targeted user, in the worst case allowing for remote arbitrary code execution without authorization. This vulnerability received a CVSS score of 7.5.
Both vulnerabilities have been patched in the most recent versions of BIG-IP. Customers are urged to update vulnerable versions immediately.