CVE-2020-5902
CRITICAL severity · CVSS 9.8 · Path traversal · actively exploited (CISA KEV)
Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Known use in ransomware campaigns. Added to KEV 2021-11-03. US federal agencies must patch by 2022-05-03.
Summary
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 94%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild; patch affected products urgently. Open the affected product entry above for its exact fixed version.
Additional information
- NVD record
- Advisory: http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html
- Advisory: http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html
- Advisory: http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
- Advisory: http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
- Advisory: http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html
- Advisory: http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
- Advisory: https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/
- Advisory: https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902