CVE-2020-5873

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.6.1 through 11.6.5 F5 BIG-IP versions 12.1.0 through 12.1.5 F5 BIG-IP versions 13.1.0 through 13.1.3.1 F5 BIG-IP versions 14.1.0 through 14.1.2.3 F5 BIG-IP versions 15.0.0 through 15.0.1 F5 BIG-IQ versions 5.2.0 through 7.1.0

Description A user with the Resource Administrator role and access to the secure copy (scp) utility, but without access to Advanced Shell (bash), can execute arbitrary commands by sending a maliciously crafted scp request.

Recommendations For F5 BIG-IP versions 11.6.1 through 11.6.5, update to a version that is not affected by this issue. For F5 BIG-IP versions 12.1.0 through 12.1.5, update to a version that is not affected by this issue. For F5 BIG-IP versions 13.1.0 through 13.1.3.1, update to a version that is not affected by this issue. For F5 BIG-IP versions 14.1.0 through 14.1.2.3, update to a version that is not affected by this issue. For F5 BIG-IP versions 15.0.0 through 15.0.1, update to a version that is not affected by this issue. For F5 BIG-IQ versions 5.2.0 through 7.1.0, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the scp utility for users with the Resource Administrator role until a patch is available.