vulnerability

F5 Networks: K20059815 (CVE-2020-5943): iControl REST vulnerability CVE-2020-5943

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Nov 2, 2020	Nov 3, 2020	Dec 8, 2020

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Nov 2, 2020

Added

Nov 3, 2020

Modified

Dec 8, 2020

Description

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.

Solution

f5-big-ip-upgrade-latest

References

URL-https://support.f5.com/csp/article/K20059815
NVD-CVE-2020-5943

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today