CVE-2020-5903

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

References

https://support.f5.com/csp/article/K43638305

https://www.kb.cert.org/vuls/id/290915

Details

Source: MITRE

Published: 2020-07-01

Updated: 2020-07-08

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.5 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.3 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 14.1.0 to 14.1.2 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 15.0.0 to 15.1.0 (inclusive)

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
137917F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K43638305)NessusF5 Networks Local Security Checks
medium
137915F5 Networks BIG-IP : TMUI CSRF vulnerability (K31301245)NessusF5 Networks Local Security Checks
high