PT-2020-18781 · F5 · Big-Ip

Published

2020-04-30

Updated

2020-05-07

CVE-2020-5880

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 14.1.0 through 14.1.2.3 F5 BIG-IP versions 15.0.0 through 15.0.1.3

Description The restjavad process in the affected BIG-IP systems may allow attackers to upload arbitrary files, bypassing the authorization system. Additionally, error messages resulting from this issue may reveal internal server paths.

Recommendations For F5 BIG-IP versions 14.1.0 through 14.1.2.3, update to a version outside of this range to resolve the issue. For F5 BIG-IP versions 15.0.0 through 15.0.1.3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the restjavad process to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-5880

Affected Products

Big-Ip

PT-2020-18781 · F5 · Big-Ip

CVE-2020-5880

Weakness Enumeration

Related Identifiers

Affected Products

References · 4