K21540525 : F5 TMUI XSS vulnerability CVE-2020-5945

2020-11-0200:00:00

my.f5.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Security Advisory Description

Undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin. (CVE-2020-5945)

Impact

A malicious, authenticated user with Resource Administrator privileges may be able to exploit this vulnerability to escalate their role to full Administrator privileges and execute system commands. This vulnerability is located in an undisclosed Configuration utility (TMUI) page.

CPENameOperatorVersion
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3

Name	Operator	Version
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3

Rows per page:

1-10 of 2241