Vulnerabilities > CVE-2020-5873 - Unspecified vulnerability in F5 products

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
f5
nessus

Summary

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.

Vulnerable Configurations

Part Description Count
Application
F5
954

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL03585731.NASL
descriptionA user associated with the Resource Administrator role who has access to the secure copy (scp) utilitybut does not have access to Advanced Shell (bash)can execute arbitrary commands using a maliciously crafted scp request.(CVE-2020-5873) Impact An authenticated user with Resource Administrator role can run shell commands with elevated privilege.
last seen2020-05-15
modified2020-04-30
plugin id136130
published2020-04-30
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/136130
titleF5 Networks BIG-IP : F5 secure shell vulnerability (K03585731)