Vulnerable product:
F5 Traffic Management User Interface (TMUI)
Severity:
Severity level: High
Impact: Cross-site scripting (XSS) in F5 Traffic Management User Interface (TMUI)
Access Vector: Remote
CVSS v3.1: Base 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE: CVE-2020-5903
Vulnerability description:
The vulnerability allows remote attackers to execute malicious JavaScript code in the context of the current user. If the logged-on user has administrative rights and Advanced Shell (bash) access, an attacker who successfully exploited the vulnerability could fully compromise the BIG-IP system.
Advisory status:
01.04.2020 - Vendor notification date
01.07.2020 - Security advisory publication date (https://support.f5.com/csp/article/K43638305)
Credits:
The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies
Get in touch
will contact you shortly