K14631834 : NGINX Controller vulnerability CVE-2020-5863

2020-03-1900:00:00

my.f5.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

Security Advisory Description

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. (CVE-2020-5863)

Impact

Attackers can exploit this vulnerability to create user accounts with limited access and to create a denial of service (DoS) scenario on the NGINX Controller.

CPENameOperatorVersion
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip gtmeq11.5.10
big-ip gtmeq11.5.2
big-ip gtmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip gtm	eq	11.5.10
big-ip gtm	eq	11.5.2
big-ip gtm	eq	11.5.3

Rows per page:

1-10 of 221