F5 emits fixes for critical flaws in BIG-IP gear: Hopefully yours aren't internet-facing while you ready a patch

Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs.


The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within a configuration tool known as the Traffic Management User Interface. Successful exploitation results in full admin control over the device.


In the case of CVE-2020-5902, the hole puts the equipment at risk of arbitrary code execution, while CVE-2020-5903 is a JavaScript-based cross-site-scripting vulnerability. CVE-2020-5902 has a CVSS score of 10 out of 10, which is not good, while CVE-2020-5903 has a lower, but still serious, score of 7.5.


"The attacker can create or delete files, disable services, intercept information, ..
