PT-2020-04: Arbitrary code execution in F5 Traffic Management User Interface (TMUI)

CRITICAL

(10.0) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

THREATSCAPE

Analytics articles

10 December 2024
Artificial intelligence in cyberattacks
9 December 2024
A look at India through the dark web: what hackers are after
27 November 2024
Cyberthreats in the financial industry: H2 2023 – H1 2024

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vulnerable product:

F5 Traffic Management User Interface (TMUI)

Severity:

Severity level: High
Impact: Arbitrary code execution in F5 Traffic Management User Interface (TMUI)
Access Vector: Remote

CVSS v3.1: Base 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE: CVE-2020-5902

Vulnerability description:

The vulnerability allows unauthorized remote attackers to execute malicious code on the system, obtain sensitive information, or hijack traffic, as well as use the server with the Traffic Management User Interface (TMUI) for attacks on other internal resources of the target organization.

Advisory status:

01.04.2020 - Vendor notification date
01.07.2020 - Security advisory publication date (https://support.f5.com/csp/article/K52145254)

Credits:

The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies

Identifier:

CVE-2020-5902

Vendor:

F5 Networks

Vulnerable product:

Traffic Management User Interface

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Pilot
application

Test drive our solutions with a customized pilot program.