CVE-2020-5902 - F5 Networks TMUI RCE vulnerability

F5 Networks have posted a vulnerability advisory relating to remote code execution via the management interface of F5 devices. 

RedShield cloud customers are not affected by this vulnerability. On-Premise customers have been contacted and upgrades are in progress to affected systems. 

CVSSv3 Score: 10.0

Severity: Critical

 "This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected."

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request