PT-2020-18848 · F5 · Big-Ip

Published

2020-12-11

Updated

2021-07-21

CVE-2020-5950

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions BIG-IP versions 14.1.0 through 14.1.2.6

Description The issue allows for a reflected XSS attack through undisclosed endpoints in iControl REST, potentially leading to a complete compromise of the BIG-IP system if the victim user has the admin role.

Recommendations For versions 14.1.0 through 14.1.2.6, consider restricting access to the iControl REST endpoints as a temporary mitigation measure until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-5950

Affected Products

Big-Ip

PT-2020-18848 · F5 · Big-Ip

CVE-2020-5950

Weakness Enumeration

Related Identifiers

Affected Products

References · 14