Critical Vulnerability in BIG-IP Application Delivery Controller (CVE-2020-5902)
4 July 2020
F5 has released security updates for the BIG-IP Application Delivery Controller, addressing a critical vulnerability (CVE-2020-5902) with a Common Vulnerability Scoring System (CVSS) score of 10 out of 10. An unauthenticated remote attacker could compromise the system by sending a specially crafted Hypertext Transfer Protocol (HTTP) request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute arbitrary code on the affected systems remotely.
The versions known to be vulnerable are:
11.6.1 - 11.6.5
12.1.0 - 12.1.5
13.1.0 - 13.1.3
14.1.0 - 14.1.2
15.1.0 and 15.0.0
Administrators and users of the affected versions are advised to install the latest security updates immediately.
More information is available at:
https://support.f5.com/csp/article/K52145254
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/