8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.9%
Undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin. (CVE-2020-5945)
Impact
A malicious, authenticated user with Resource Administrator privileges may be able to exploit this vulnerability to escalate their role to full Administrator privileges andexecute system commands.This vulnerabilityis located in an undisclosedConfiguration utility (TMUI) page.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K21540525.
#
# The text description of this plugin is (C) F5 Networks.
#
include('compat.inc');
if (description)
{
script_id(142359);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");
script_cve_id("CVE-2020-5945");
script_name(english:"F5 Networks BIG-IP : F5 TMUI XSS vulnerability (K21540525)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"Undisclosed TMUI page contains a stored cross site scripting
vulnerability (XSS). The issue allows a minor privilege escalation for
resource admin to escalate to full admin. (CVE-2020-5945)
Impact
A malicious, authenticated user with Resource Administrator privileges
may be able to exploit this vulnerability to escalate their role to
full Administrator privileges andexecute system commands.This
vulnerabilityis located in an undisclosedConfiguration utility (TMUI)
page.");
script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K21540525");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K21540525.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5945");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/05");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/03");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_domain_name_system");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include('f5_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var version = get_kb_item('Host/BIG-IP/version');
if ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
if ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
if ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
var sol = 'K21540525';
var vmatrix = {
'AFM': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'AM': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'APM': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'ASM': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'AVR': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'DNS': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'GTM': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'LC': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'LTM': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
},
'PEM': {
'affected': [
'16.0.0','15.0.0-15.1.0','14.1.0-14.1.2'
],
'unaffected': [
'16.1.0','16.0.1','15.1.1','14.1.2.8'
],
}
};
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
set_kb_item(name:'www/0/XSS', value:TRUE);
var extra = NULL;
if (report_verbosity > 0) extra = bigip_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
}
else
{
var tested = bigip_get_tested_modules();
var audit_extra = 'For BIG-IP module(s) ' + tested + ',';
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, 'running any of the affected modules');
}
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_access_policy_manager | cpe:/a:f5:big-ip_access_policy_manager | |
f5 | big-ip_advanced_firewall_manager | cpe:/a:f5:big-ip_advanced_firewall_manager | |
f5 | big-ip_application_acceleration_manager | cpe:/a:f5:big-ip_application_acceleration_manager | |
f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
f5 | big-ip_domain_name_system | cpe:/a:f5:big-ip_domain_name_system | |
f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
f5 | big-ip_policy_enforcement_manager | cpe:/a:f5:big-ip_policy_enforcement_manager |
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.9%