The vulnerability of the Advanced WAF/ASM TMUI application protection component of BIG-IP allows attackers to execute arbitrary commands, modify, or delete files.

The vulnerability of the Advanced WAF/ASM TMUI application protection component in BIG-IP is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary commands, modify or delete files remotely...

F5 BIGIP Appliance Mode TMUI Remote Command Execution Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. The TMUI remote command execution vulnerability in F5 BIGIP Appliance mode can be exploited by an attacker to execute arbitrar...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. F5 BIGIP AWAF/ASM Unauthorized User TMUI Remote Command Execution Vulnerability, the vulnerability allows a user with elevated...

F5 Networks BIG-IP : Appliance mode TMUI authenticated remote command execution vulnerability (K18132488)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K18132488 advisory. - On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

F5 Networks BIG-IP : TMUI authenticated remote command execution vulnerability (K70031188)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K70031188 advisory. - On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

F5 Networks BIG-IP : Advanced WAF/ASM TMUI authenticated remote command execution vulnerability (K45056101)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K45056101 advisory. - On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

The vulnerability of the TMUI interface of the access control and remote authentication management tool BIG-IP Access Policy Manager, the BIG-IP Advanced Firewall Manager network interface, BIG-IP Advanced Web Application Firewall, the BIG-IP Application Acceleration Manager application delivery tools, the BIG-IP Application Security Manager application protection tools, the BIG-IP DDos Hybrid Defender DDoS attack protection tools, the BIG-IP DNS server, the BIG-IP Fraud Protection Service module, the BIG-IP Link Controller internet traffic balancing system, the BIG-IP Local Traffic Manager local traffic balancing system, the BIG-IP Policy Enforcement Manager network traffic control and management system, the SSL decryption and SSL encrypted traffic redirection tool SSL Orchestrator, allowing a perpetrator to execute arbitrary code.

The vulnerability of the TMUI interface of the BIG-IP Access Policy Manager, the BIG-IP Advanced Firewall Manager’s network interface, the BIG-IP Application Acceleration Manager’s application delivery components, the BIG-IP Application Security Manager’s application protection components, the...

CVE-2020-5948 — F5 TMUI XSS vulnerability

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2. Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability XSS. The issue allows a minor privilege escalation for resource admin to escalate to full admin...

CVE-2020-5940

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility...

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability XSS. The issue allows a minor privilege escalation for resource admin to escalate to full admin...

Cross site scripting

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability XSS. The issue allows a minor privilege escalation for resource admin to escalate to full admin...

Cross site scripting

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility...

CVE-2020-5945

CVE-2020-5945 affects F5 BIG-IP TMUI with a stored XSS in an undisclosed TMUI page that enables a Resource Administrator to escalate to full Administrator privileges. Affected versions: BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7. Fixes are in 16.1.0 (for 16.x), 15.1.1 (for 15.x), an...

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability XSS. The issue allows a minor privilege escalation for resource admin to escalate to full admin...

CVE-2020-5940

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility...

CVE-2020-5940

CVE-2020-5940 affects F5 BIG-IP TMUI (Traffic Management User Interface). A stored cross-site scripting (XSS) vulnerability exists in an undisclosed TMUI page. An authenticated attacker can store JavaScript that executes for other authenticated users accessing the Configuration utility; if the vi...

F5 Networks BIG-IP : BIG-IP TMUI vulnerability (K43310520)

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility. CVE-2020-5940 Impact An authenticated attacker may be able to store JavaScript, whichis executed when another...

CVE-2020-5915

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust...

CVE-2020-5915

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust...