AppCheck have released a new plug-in to detect recently discovered security flaws within F5 BIG-IP devices, CVE-2020-5902 and CVE-2020-5903.
If these vulnerabilities may affect you, we strongly recommend a scan to detect them; the quick mitigations are outlined below.
CVE-2020-5902 is a Remote Code Execution (RCE) vulnerability.
‘The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.’
This vulnerability may allow an attacker to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. It is possible for an attacker to achieve complete system compromise.
F5 recommends upgrading to a fixed software version to fully mitigate this vulnerability.
CVE-2020-5903 is a Cross-site Scripting (XSS) vulnerability.
‘A Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.’
Attackers can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. If an attacker were to target an admin user, the vulnerability could be leveraged to completely compromise the BIG-IP system through Remote Code Execution.
F5's mitigation advice is: ‘you should permit management access to F5 products only over a secure network, and limit shell access to only trusted users.’
Scoring 7.5/10 and 10/10 on the CVSSv3 vulnerability severity scale, this is an extremely serious pair of vulnerabilities. It is made even more serious by the fact that BIG-IP is deployed by many large organisations, including governments and Fortune 500 companies.
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations' websites, applications, network and cloud infrastructure. AppCheck is authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).