In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "BIG-IP",
    "versions": [
      {
        "version": "15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1",
        "status": "affected"
      }
    ]
  }
]

References

packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html

packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html

packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html

packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html

packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html

packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html

badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/

github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902

support.f5.com/csp/article/K52145254

swarm.ptsecurity.com/rce-in-f5-big-ip/

www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/

www.kb.cert.org/vuls/id/290915

zdt 5

ptsecurity 1

githubexploit 46

cisa_kev 1

nessus 2

trendmicroblog 2

attackerkb 2

cisa 1

mssecure 1

nuclei 1

f5 1

packetstorm 4

mmpc 1

dsquare 1

nvd 1

hackerone 1

prion 1

cve 1

talosblog 2

thn 11

checkpoint_advisories 1

ics 11

exploitdb 2

securelist 2

qualysblog 5

impervablog 1

threatpost 8

kitploit 2

cert 1

malwarebytes 1

avleonov 1

zdt

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit

2020-07-07 00:00:00

F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Vulnerability

2020-07-27 00:00:00

BIG-IP 15.0.0 < 15.1.0.3 - Traffic Management User Interface (TMUI) Remote Code Execution Exploit

2020-07-07 00:00:00

ptsecurity

PT-2020-04: Arbitrary code execution in F5 Traffic Management User Interface (TMUI)

2020-01-04 00:00:00

githubexploit

Exploit for Path Traversal in F5 Big-Ip Access Policy Manager

2020-07-17 03:13:30

Exploit for Path Traversal in F5 Big-Ip Access Policy Manager

2020-07-10 21:43:11

Exploit for Path Traversal in F5 Big-Ip Access Policy Manager

2020-07-04 14:12:57

cisa_kev

F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability

2021-11-03 00:00:00

nessus

F5 Networks BIG-IP : TMUI RCE vulnerability (K52145254)

2020-07-01 00:00:00

F5 Networks BIG-IP : TMUI RCE (CVE-2020-5902) (Direct Check)

2020-07-06 00:00:00

trendmicroblog

This Week in Security News: Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 and Vermont Taxpayers Warned of Data Leak Over the Past Three Years

2020-07-31 12:30:21

This Week in Security News: 15 Billion Credentials Currently Up for Grabs on Hacker Forums and New Mirai Variant Expands Arsenal

2020-07-10 12:30:22

attackerkb

CVE-2020-5902 — TMUI RCE vulnerability

2020-07-01 00:00:00

CVE-2020-15506

2020-07-07 00:00:00

cisa

F5 Releases Security Advisory for BIG-IP TMUI RCE vulnerability, CVE-2020-5902

2020-07-04 00:00:00

mssecure

Web shell attacks continue to rise

2021-02-11 17:00:05

nuclei

F5 BIG-IP TMUI - Remote Code Execution

2020-07-05 08:11:58

K52145254 : TMUI RCE vulnerability CVE-2020-5902

2020-07-01 00:00:00

packetstorm

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution

2023-11-14 00:00:00

BIG-IP TMUI Remote Code Execution

2020-07-07 00:00:00

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution

2020-07-07 00:00:00

mmpc

Web shell attacks continue to rise

2021-02-11 17:00:05

dsquare

F5 BIG-IP Traffic Management User Interface File Disclosure

2020-07-05 00:00:00

nvd

CVE-2020-5902

2020-07-01 15:15:15

hackerone

8x8: F5 BIG-IP TMUI RCE - CVE-2020-5902 (██.packet8.net)

2022-03-23 13:50:18

prion

Remote code execution

2020-07-01 15:15:00

cve

CVE-2020-5902

2020-07-01 15:15:15

talosblog

New Snort rule addresses critical vulnerability in F5 BIG-IP

2020-07-06 14:19:53

Attackers target Ukraine using GoMet backdoor

2022-07-21 12:00:00

thn

New Cyber Espionage Group Targeting Ministries of Foreign Affairs

2021-06-11 07:01:00

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

2020-07-04 14:20:00

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

2021-03-20 15:54:00

checkpoint_advisories

F5 BIG-IP Remote Code Execution (CVE-2020-5902)

2020-07-06 00:00:00

ics

Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

2020-07-24 12:00:00

Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems

2020-10-22 12:00:00

Chinese State-Sponsored Cyber Operations: Observed TTPs

2021-08-20 12:00:00

exploitdb

BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution

2020-07-06 00:00:00

F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion

2020-07-26 00:00:00

securelist

DDoS attacks in Q3 2020

2020-10-28 10:00:21

APT trends report Q3 2021

2021-10-26 10:00:11

qualysblog

F5 BIG-IP Remote Code Execution Vulnerability (CVE-2020-5902)

2020-07-06 23:09:52

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

2022-02-26 20:20:32

NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-07 20:03:01

impervablog

Despite COVID-19 pandemic, Imperva reports number of vulnerabilities decreased in 2020

2021-02-22 19:42:10

threatpost

Critical F5 BIG-IP Flaw Now Under Active Attack

2021-03-19 20:52:15

Pioneer Kitten APT Sells Corporate Network Access

2020-09-01 13:35:19

Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover

2020-07-17 20:59:33

kitploit

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

2021-12-27 20:30:00

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

2021-12-01 20:30:00

cert

F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution

2020-07-08 00:00:00

malwarebytes

Chinese APT's favorite vulnerabilities revealed

2022-10-13 16:15:00

avleonov

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.9 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON

Related for CVELIST:CVE-2020-5902