PT-2020-18804 · F5 · Big-Ip
Published: 2020-07-01 · Updated: 2023-01-27
CVE-2020-5906
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
BIG-IP versions 11.6.1 through 11.6.5.2
BIG-IP versions 12.1.0 through 12.1.5.2
BIG-IP versions 13.1.0 through 13.1.3.3
Description
The issue arises from the BIG-IP system's failure to properly enforce access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
Recommendations
For versions 11.6.1 through 11.6.5.2, update to a version that properly enforces access controls for the scp.blacklist files.
For versions 12.1.0 through 12.1.5.2, update to a version that properly enforces access controls for the scp.blacklist files.
For versions 13.1.0 through 13.1.3.3, update to a version that properly enforces access controls for the scp.blacklist files.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip