CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html	Exploit Third Party Advisory VDB Entry
https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/	Exploit Third Party Advisory
https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902	Broken Link Exploit Third Party Advisory
https://support.f5.com/csp/article/K52145254	Vendor Advisory
https://swarm.ptsecurity.com/rce-in-f5-big-ip/	Exploit Third Party Advisory
https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/	Exploit Third Party Advisory
https://www.kb.cert.org/vuls/id/290915	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
cpe:2.3:a:f5:big-ip_link_controller::::::::
cpe:2.3:a:f5:big-ip_link_controller::::::::
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
cpe:2.3:a:f5:ssl_orchestrator::::::::
cpe:2.3:a:f5:ssl_orchestrator::::::::
cpe:2.3:a:f5:ssl_orchestrator::::::::
cpe:2.3:a:f5:ssl_orchestrator::::::::
cpe:2.3:a:f5:ssl_orchestrator::::::::
cpe:2.3:a:f5:ssl_orchestrator::::::::

History

No history.

Information

Published : 2020-07-01 15:15

Updated : 2024-07-25 16:42

NVD link : CVE-2020-5902

Mitre link : CVE-2020-5902

CVE.ORG link : CVE-2020-5902

JSON object : View

Products Affected

big-ip_local_traffic_manager
big-ip_analytics
big-ip_fraud_protection_service
big-ip_global_traffic_manager
big-ip_link_controller
big-ip_application_acceleration_manager
big-ip_domain_name_system
big-ip_application_security_manager
big-ip_ddos_hybrid_defender
big-ip_advanced_web_application_firewall
big-ip_policy_enforcement_manager
ssl_orchestrator
big-ip_advanced_firewall_manager
big-ip_access_policy_manager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2020-5902", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-07-01T15:15:15.360", "references": [{"url": "http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/", "tags": ["Exploit", "Third Party Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902", "tags": ["Broken Link", "Exploit", "Third Party Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://support.f5.com/csp/article/K52145254", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://swarm.ptsecurity.com/rce-in-f5-big-ip/", "tags": ["Exploit", "Third Party Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/", "tags": ["Exploit", "Third Party Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://www.kb.cert.org/vuls/id/290915", "tags": ["Third Party Advisory", "US Government Resource"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages."}, {"lang": "es", "value": "En BIG-IP versiones 15.0.0 hasta 15.1.0.3, 14.1.0 hasta 14.1.2.5, 13.1.0 hasta 13.1.3.3, 12.1.0 hasta 12.1.5.1 y 11.6.1 hasta 11.6.5.1, el Traffic Management User Interface (TMUI), tambi\u00e9n se conoce como la utilidad de Configuraci\u00f3n, presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) en p\u00e1ginas no reveladas"}], "lastModified": "2024-07-25T16:42:50.637", "cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB236652-BD60-4FEF-9D59-8B49FB3A7655", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE0532FA-7B7B-46B3-AB10-0920034A7E43", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "592327AA-BCC4-4CD0-82C6-EA739F049E82", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A49F18E-2004-4BDB-BA3F-93C52B23CCA9", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65C2E51D-76FF-4604-B9A6-1EB48AAF1CA6", "versionEndIncluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11F32785-49DA-4C57-AD28-BC630E55222A", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADB2B518-F813-4B11-BBF5-0BFB2979A6B8", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B3DCE49-C37D-4951-AB57-7CDDEBA1C1E5", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD78D19-D17E-45EC-98C7-74D086AE68AA", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CDD8550-E2BC-44B4-857C-706D2DC769F0", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B59E16D-7645-492A-9C1D-A8724FFCA28F", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFB71683-C715-41DB-A42E-4269D26D5DD3", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E64263B7-7BE1-472E-9130-7BC8F2932683", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "694C630B-5342-4C6C-A0FA-050B9C76936D", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC400989-FE65-4DEC-B9DD-7BEF6EB72DC0", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "708FD0A9-5167-45B5-80A1-85F105365C98", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FBF20C1-5B3C-4DC0-B6F7-4DB0205BF2B0", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8434935-CE50-4CE7-BA17-6966E71BC9FD", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31E16A1B-E305-4390-976C-5F33A82EF396", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C3E75CB-C764-4868-8459-1FAC03506EE8", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1C551C9-169C-450E-965A-4F9F3E2C785B", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32E6595B-27F1-4298-9B72-5618A5A0605A", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92F370C2-3C5A-416D-83C1-A4F84866E958", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E7820D-A574-41C8-A602-05A825F26726", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FB118FB-2EFB-4F17-B6E1-FC4B46B9C265", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D3F7911-FB00-4612-9109-9E7A407BC7B7", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B547F46F-5563-4E7F-8B69-3D25C6C58521", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6317DD02-5FC5-4476-8F63-8A7915440F94", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "997D12F1-098D-4C42-A6A2-B4F59AC78F0F", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7B37CD3-4B52-4761-9BEC-5D4CC57783B8", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8999F566-9884-4CAA-BED7-8CF72F11E6F8", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91BF72A9-EB50-4315-B956-5926967DCC46", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AEE0B76-3F8E-420A-9589-BF3FDB942DEB", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA19452D-9C3D-41FB-8606-51F90126B2A0", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C4B56F-D022-4268-9D78-6E4D12AE9215", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4C4B36F-ABA3-4C9C-BE94-389A91185CE5", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC8B0F64-D0FC-4CC9-94CA-38A55043C529", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39AECFF0-3A86-45A4-AB7F-DCC3717E8E97", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F8B4719-B7C7-4383-B74B-119DD5F51773", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE999923-5893-44D4-9212-E94990A3F1A7", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62F2CBB9-C4FE-4065-8F13-E677E572F4B9", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E34F61C-1C60-4BA7-A282-C5B295A7241C", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F997F6D8-D08D-4EB0-BEA7-288AEFD6F28C", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73EC8EDA-669A-4750-934F-3B3FBF557080", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7917031-0735-483C-A8DA-11430056D568", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "357FD2B0-3437-4D26-9D84-FE1449E37A74", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAFC0D83-7F64-44F2-A014-37DE3CAF846A", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB7EE01-966A-40EB-8F49-AFE22B1FAF31", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925DA0B2-7570-4819-845C-C35E5B168F80", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0581EEF-98E6-4961-8178-BA2D7647F931", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFC5C221-AE58-4580-876A-E5FD7970A695", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5746AE6E-9D1B-4275-A756-4FFBEE9FC6D3", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "920BC3DD-A1D4-403B-83D2-00636C20FFC0", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CD1518D-E884-4B38-96CB-2C02493352B3", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4A036A0-5E0C-4E64-B88D-D1B61257896E", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32773569-67FE-4F08-A613-E507FCDEACEF", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "463AA399-492A-4DB6-BFD1-31725012AE8F", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A52B5EA8-31E5-4CDB-81FB-3AE8251F29CF", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C8BE4A-DED6-451A-B6EE-AC95DD26F85A", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB170091-1F18-46D7-8164-ACC9B05954E3", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97AB336E-2A10-4508-9F20-DB54D628355F", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4494F771-4026-478C-8004-B162653DC80C", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98314370-E3C8-4CB5-9F48-57004EB96D8F", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B1AC241-FE68-4275-8992-7575AA8AD118", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEC0E30F-6550-4BC9-8DA7-6BD495DBF415", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D30769C3-F8CB-491A-8E51-0147AA07DDA4", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D289F0-1896-4996-AEDF-B299C6DB8945", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A97489DC-A5DE-48AD-BBA2-F9078070F53A", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF128B7-874B-4E3A-B52F-1C2DE34F64A9", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29F4E502-D8D5-4719-986F-90BC08B3DC16", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D90F4A-FA2A-412F-8591-D1CA6399ECAD", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABAFAE9B-AA80-4D3B-AA3A-4ED5C3BE6113", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78F7A30F-4455-420D-9254-E9910E16EC3F", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EDB944B-DF60-45AF-AD60-33E9667E0D12", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C58940-C7A3-47A9-8C9E-7B652E4F4750", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67516A0B-7359-42DE-B318-6979DEEFC229", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAD2867D-D646-4B01-A383-6A47B51D059E", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E314109-D770-4055-9248-2BE25B0EF084", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53F1F7BD-512D-46D4-A888-A2670DEB1C4F", "versionEndExcluding": "11.6.5.2", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE483701-8CB3-4745-BD47-B022EBEA2CA9", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57A7A47C-DBC5-4D1B-9C54-4A04C16BD904", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B4BC535-7F99-45F4-9094-29B52DEB8168", "versionEndExcluding": "14.1.2.6", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F54A8AE-61F3-4F43-82BF-55842B56064A", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F20F608-2930-41F2-A720-B8638395FF44", "versionEndExcluding": "15.1.0.4", "versionStartIncluding": "15.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability"}

9.8 /10