Attackers could exploit various vulnerabilities in BIG-IP appliances such as Application Acceleration Manager and Local Traffic Manager and run malicious code on systems. Security updates provide a remedy.
The “critical” vulnerability with the identifier CVE-2020-5902 is rated with the highest possible CVSSv3 score of 10 out of 10. The vulnerability affects the Traffic Management User Interface (TMUI).
Attackers are said to be able to launch remote code execution attacks without authentication. This usually results in a complete compromise of a system. The following BIG-IP versions have been patched:
Due to the severity of the vulnerability, admins should install the updates quickly. BIG-IQ Centralized and Traffix SDC are not affected by the vulnerability.
Other dangerous vulnerabilities
By exploiting further vulnerabilities, attackers could also access files that should be sealed off and subsequently manipulate them. Session IDs could also leak. The remaining vulnerabilities are classified as “medium” and “low”.
List sorted in descending order by threat level: