Vulnerability in Big-ip
CVE-2020-5902
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vuln…
EPSS: 0.944 (100.0th percentile) — read the EPSS interpretation.
Affected products
- N/a Big-ip — versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
References
- support.f5.com/csp/article/K52145254
- packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
- packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html
- packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Up…
- VU#290915 (third-party-advisory)
- www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/
- badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/
- packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html
- github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902
- packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-In…
Frequently asked questions
- What is CVE-2020-5902?
- CVE-2020-5902 is a vulnerability in Big-ip. Published 2020-07-01.
- Is CVE-2020-5902 known to be exploited?
- Yes. CVE-2020-5902 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 292 public proof-of-concept repositories are indexed.