<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

Vulnerability CVE-2020-5902

Vulnerability CVE-2020-5902

Datashield is aware of a recent vulnerability [CVE-2020-5902] and it has been published for the following F5 products: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM)

This vulnerability affects the Traffic Management User Interface (TMUI), also known as the configuration utility. This is a unauthenticated Remote Code Execution (RCE) vulnerability that allows attackers to execute system commands, create or delete files, disable services, and execute java code. This CVE was rated as a 10 on the CSVSv3 scale. We recommend immediate patching to ensure the vulnerability isn’t leveraged in any attack against your network.

The vulnerable versions, their subsequent hotfixes, and a more granular review of the vulnerability can be found using the link provided below.

https://support.f5.com/csp/article/K52145254

Datashield performed a preliminary scan against the external networks that we had on file, looking for any exposed management interfaces and found none. However, we do want to recommend patching and having your admins ensure that the TMUI is not exposed to the internet. There is also currently no known POC (proof of concept) for this vulnerability.

If you have any questions regarding this vulnerability, please contact us.

Topics from this Article

Microsoft, Windows, Remote Code Execution, CVE, Vulnerability Management

Datashield
Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.

Related Posts

Top 5 Most Popular Cybersecurity Certifications

The cybersecurity analyst has become the third most valuable job description in the technology industry. The increasing security incidents to IT infrastructure, the demand for accountability from end-users, and the financial cost of successful breaches are significant reasons enterprises and startups are taking cybersecurity seriously. Ambitious professionals who choose a career in IT security are reaping the benefits of securing operating systems and deployed IT infrastructure.

What is Ransomware?

Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with instructions on decrypting their data.

Datashield Announces Partnership with Bishop Fox

Two cybersecurity powerhouses partner to provide defensive and offensive security services to boost enterprise companies’ security posture. Scottsdale, Ariz.— Datashield, a Scottsdale-based cybersecurity company, recently inked its partnership with offensive security services firm Bishop Fox. Both companies are based in Arizona and provide outsourced cybersecurity services to top Fortune 500 companies.