K43530108 : NGINX Controller Agent vulnerability CVE-2020-27730

2020-12-0800:00:00

my.f5.com

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

JSON

Security Advisory Description

The NGINX Controller Agent does not use absolute paths when calling system utilities. (CVE-2020-27730)

Impact

This vulnerability allows a local attacker to escalate privileges and run arbitrary code as the agent (root) process.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq16.0.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3
big-ip afmeq11.6.4
big-ip afmeq11.6.5
big-ip afmeq12.1.0
big-ip afmeq12.1.1

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	16.0.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3
big-ip afm	eq	11.6.4
big-ip afm	eq	11.6.5
big-ip afm	eq	12.1.0
big-ip afm	eq	12.1.1

Rows per page:

1-10 of 2441