Vulnerabilities > CVE-2020-5873 - Unspecified vulnerability in F5 products
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.
Vulnerable Configurations
Nessus
| NASL family | F5 Networks Local Security Checks |
| NASL id | F5_BIGIP_SOL03585731.NASL |
| description | A user associated with the Resource Administrator role who has access to the secure copy (scp) utilitybut does not have access to Advanced Shell (bash)can execute arbitrary commands using a maliciously crafted scp request.(CVE-2020-5873) Impact An authenticated user with Resource Administrator role can run shell commands with elevated privilege. |
| last seen | 2020-05-15 |
| modified | 2020-04-30 |
| plugin id | 136130 |
| published | 2020-04-30 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/136130 |
| title | F5 Networks BIG-IP : F5 secure shell vulnerability (K03585731) |