Back to search
CVE-2020-5873
Published: Apr 30, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.
| Vendor | Product | Versions |
|---|---|---|
n/a | BIG-IP | affected 15.0.0-15.0.1affected 14.1.0-14.1.2.3affected 13.1.0-13.1.3.1affected 12.1.0-12.1.5affected 11.6.1-11.6.5 |
n/a | BIG-IQ | affected 5.2.0-7.1.0 |
References
https://support.f5.com/csp/article/K03585731
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now