logo
DATABASE RESOURCES PRICING ABOUT US

PT-2020-04: Arbitrary code execution in F5 Traffic Management User Interface (TMUI)

Description

# PT-2020-04: Arbitrary code execution in F5 Traffic Management User Interface (TMUI) F5 Traffic Management User Interface (TMUI) **Severity:** Severity level: High Impact: Arbitrary code execution in F5 Traffic Management User Interface (TMUI) Access Vector: Remote CVSS v3.1: Base 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE: CVE-2020-5902 **Vulnerability description:** The vulnerability allows unauthorized remote attackers to execute malicious code on the system, obtain sensitive information, or hijack traffic, as well as use the server with the Traffic Management User Interface (TMUI) for attacks on other internal resources of the target organization. **Advisory status:** 01.04.2020 - Vendor notification date 01.07.2020 - Security advisory publication date (<https://support.f5.com/csp/article/K52145254>) **Credits:** The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies


Related