K59209532 : NGINX Controller NATS vulnerability CVE-2020-5910

2020-07-0100:00:00

my.f5.com

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.9%

JSON

Security Advisory Description

The Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. (CVE-2020-5910)

Impact

A malicious user with access to the host where NGINX Controller is running on may eavesdrop on NATS connections and, thereby, gain unauthorized access data stored in the message queue.

CPENameOperatorVersion
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3

Name	Operator	Version
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3

Rows per page:

1-10 of 1871