F5 TMUI RCE vulnerability [CVE-2020-5902]

CVE Number – CVE-2020-5902

This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected.

F5 Product Development has assigned IDs 895525, 900757, 895981, and 895993 (BIG-IP) to this vulnerability.

F5 recommends upgrading to a fixed software version to fully mitigate this vulnerability.

If you are leveraging public cloud marketplaces (AWS, Azure, GCP, and Alibaba) to deploy BIG-IP Virtual Edition (VE), F5 recommends upgrading to the latest releases of BIG-IP.

Further details – https://support.f5.com/csp/article/K52145254

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: