Severity rating: High

Software affected

F5 BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link
Controller, PEM) versions:

· 15.x versions 15.1.0 and 15.0.0
· 14.x versions from 14.1.0 to 14.1.2
· 13.x versions from 13.1.0 to 13.1.3
· 12.x versions from 12.1.0 to 12.1.5

Overview

A vulnerability has been reported in F5 BIG-IP products which could allow
an attacker to perform a cross-site scripting (XSS) attack on a targeted system.

Description

This vulnerability exists in multiple BIG-IP products due to a flaw in
undisclosed pages of the Traffic Management User Interface (TMUI), also
referred to as the Configuration utility.
Successful exploitation of this vulnerability could allow the attacker to
run JavaScript in the context of the currently logged-in user. If the
user has administrative privileges with access to the Advanced Shell
(bash), the attacker can completely compromise the targeted system.

Solution

Update to the fixed versions as mentioned in the F5 advisory.
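
To decide which devices need the update, an inventory of BIG-IP version strings can be triaged against the ranges listed under "Software affected". The script below is an added example, not part of the advisory or of F5's tooling; the hostnames and versions are constructed, and treating 15.0.0 through 15.1.0 as one inclusive range is a conservative assumption.

```python
import re

# Affected ranges from the advisory, as (major, minor, maintenance) tuples.
# Assumption: the advisory names 15.0.0 and 15.1.0; releases between them
# are treated as in range here, which errs on the side of flagging.
AFFECTED_RANGES = [
    ((15, 0, 0), (15, 1, 0)),
    ((14, 1, 0), (14, 1, 2)),
    ((13, 1, 0), (13, 1, 3)),
    ((12, 1, 0), (12, 1, 5)),
]
VERSION_RE = re.compile(r"^\d+(\.\d+){2,3}$")


def classify(version):
    """Return 'affected', 'verify', 'not-listed' or 'invalid' for a version string."""
    version = version.strip()
    if not VERSION_RE.match(version):
        return "invalid"
    parts = tuple(int(p) for p in version.split("."))
    base, point = parts[:3], parts[3:]
    if not any(lo <= base <= hi for lo, hi in AFFECTED_RANGES):
        return "not-listed"  # not in the ranges this advisory lists
    # The advisory gives three-component versions only. A non-zero fourth
    # component (point release) inside a listed range may or may not carry
    # the fix, so it is flagged for a check against the F5 advisory.
    return "verify" if point and point[0] > 0 else "affected"


def triage(inventory):
    """Map hostname -> classification for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "lb-edge-01": "15.1.0",
    "lb-edge-02": "14.1.2.6",
    "lb-core-01": "13.1.3",
    "lb-core-02": "12.1.6",
    "lb-lab-01": "15.0.1",
    "lb-lab-02": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:10} {status}")
```

A "verify" or "invalid" result means the version could not be resolved from the ranges on this page and should be checked by hand against the fixed versions in the F5 advisory.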

Vendor Information

F5 Networks


References

Tenable


CVE Name

CVE-2020-5903

About Cert Advisory

We have created this blog to provide the latest security advisories from the India CERT for security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.
