ID CVE-2020-5916Type cveReporter cve@mitre.orgModified 2020-09-02T18:19:00
Description
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.
{"id": "CVE-2020-5916", "bulletinFamily": "NVD", "title": "CVE-2020-5916", "description": "In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.", "published": "2020-08-26T15:15:00", "modified": "2020-09-02T18:19:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5916", "reporter": "cve@mitre.org", "references": ["https://support.f5.com/csp/article/K29923912"], "cvelist": ["CVE-2020-5916"], "type": "cve", "lastseen": "2020-12-09T22:03:16", "edition": 7, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["F5_BIGIP_SOL29923912.NASL"]}], "modified": "2020-12-09T22:03:16", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2020-12-09T22:03:16", "rev": 2}, "vulnersScore": 4.7}, "cpe": [], "affectedSoftware": [{"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:ssl_orchestrator", "name": "f5 ssl orchestrator", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_ddos_hybrid_defender", "name": "f5 big-ip ddos hybrid defender", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:ssl_orchestrator", "name": "f5 ssl orchestrator", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_application_security_manager", "name": "f5 big-ip application security manager", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_application_acceleration_manager", "name": "f5 big-ip application acceleration manager", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_link_controller", "name": "f5 big-ip link controller", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_fraud_protection_service", "name": "f5 big-ip fraud protection service", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_analytics", "name": "f5 big-ip analytics", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_local_traffic_manager", "name": "f5 big-ip local traffic manager", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_policy_enforcement_manager", "name": "f5 big-ip policy enforcement manager", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_global_traffic_manager", "name": "f5 big-ip global traffic manager", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_advanced_firewall_manager", "name": "f5 big-ip advanced firewall manager", "operator": "lt", "version": "15.0.1.4"}, {"cpeName": "f5:big-ip_access_policy_manager", "name": "f5 big-ip access policy manager", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_domain_name_system", "name": "f5 big-ip domain name system", "operator": "lt", "version": "15.1.0.5"}, {"cpeName": "f5:big-ip_ddos_hybrid_defender", "name": "f5 big-ip ddos hybrid defender", "operator": "lt", "version": "15.1.0.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0}, "cpe23": [], "cwe": ["CWE-200"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:ssl_orchestrator:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:ssl_orchestrator:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0.5:*:*:*:*:*:*:*", "versionEndExcluding": "15.1.0.5", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.1.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}], "operator": "OR"}]}}
{"nessus": [{"lastseen": "2020-12-12T10:00:16", "description": "The Certificate Administrator user role and higher privileged roles\ncan perform arbitrary file reads outside of the web root directory.\n(CVE-2020-5916)\n\nImpact\n\nRequests to the Configuration utilitycan result in arbitrary file\nreads outside of the web root directory.", "edition": 5, "cvss3": {"score": 6.8, "vector": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"}, "published": "2020-08-26T00:00:00", "title": "F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K29923912)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5916"], "modified": "2020-08-26T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL29923912.NASL", "href": "https://www.tenable.com/plugins/nessus/139820", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K29923912.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139820);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-5916\");\n script_xref(name:\"IAVA\", value:\"2020-A-0395-S\");\n\n script_name(english:\"F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K29923912)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Certificate Administrator user role and higher privileged roles\ncan perform arbitrary file reads outside of the web root directory.\n(CVE-2020-5916)\n\nImpact\n\nRequests to the Configuration utilitycan result in arbitrary file\nreads outside of the web root directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K29923912\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K29923912.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5916\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K29923912\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"15.1.0\",\"15.0.0-15.0.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.0.5\",\"15.0.1.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}]}
