ID

VAR-202004-2009


CVE

CVE-2020-5865


TITLE

Information leakage vulnerability in NGINX Controller

Trust: 0.8

sources: JVNDB: JVNDB-2020-004668

DESCRIPTION

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. There is an information leakage vulnerability in NGINX Controller. Information may be obtained and tampered with. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. An attacker could exploit this vulnerability by implementing a man-in-the-middle attack to intercept the communicated data.

Trust: 1.71

sources: NVD: CVE-2020-5865 // JVNDB: JVNDB-2020-004668 // VULHUB: VHN-183990

AFFECTED PRODUCTS

vendor: f5, model: nginx controller, scope: lte, version: 2.9.0

Trust: 1.0

vendor: f5, model: nginx controller, scope: lt, version: 3.3.0

Trust: 1.0

vendor: f5, model: nginx controller, scope: gte, version: 3.0.0

Trust: 1.0

vendor: netapp, model: cloud backup, scope: eq, version: -

Trust: 1.0

vendor: f5, model: nginx controller, scope: eq, version: 1.0.1

Trust: 1.0

vendor: f5, model: nginx controller, scope: gte, version: 2.0.0

Trust: 1.0

vendor: f5, model: nginx controller, scope: eq, version: 3.3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-004668 // NVD: CVE-2020-5865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5865
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004668
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-2011
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183990
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5865
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004668
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183990
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5865
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004668
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183990 // JVNDB: JVNDB-2020-004668 // CNNVD: CNNVD-202004-2011 // NVD: CVE-2020-5865

PROBLEMTYPE DATA

problemtype: CWE-319

Trust: 1.1

problemtype: CWE-200

Trust: 0.9

sources: VULHUB: VHN-183990 // JVNDB: JVNDB-2020-004668 // NVD: CVE-2020-5865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2011

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2011

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004668

PATCH

title: K21009022, url: https://support.f5.com/csp/article/K21009022

Trust: 0.8

sources: JVNDB: JVNDB-2020-004668

EXTERNAL IDS

db: NVD, id: CVE-2020-5865

Trust: 2.5

db: JVNDB, id: JVNDB-2020-004668

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2011

Trust: 0.7

db: AUSCERT, id: ESB-2020.1419

Trust: 0.6

db: AUSCERT, id: ESB-2020.1419.2

Trust: 0.6

db: CNVD, id: CNVD-2020-33346

Trust: 0.1

db: VULHUB, id: VHN-183990

Trust: 0.1

sources: VULHUB: VHN-183990 // JVNDB: JVNDB-2020-004668 // CNNVD: CNNVD-202004-2011 // NVD: CVE-2020-5865

REFERENCES

url: https://security.netapp.com/advisory/ntap-20200430-0005/

Trust: 1.7

url: https://support.f5.com/csp/article/k21009022

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-5865

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5865

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.1419.2/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.1419/

Trust: 0.6

sources: VULHUB: VHN-183990 // JVNDB: JVNDB-2020-004668 // CNNVD: CNNVD-202004-2011 // NVD: CVE-2020-5865

SOURCES

db: VULHUB, id: VHN-183990
db: JVNDB, id: JVNDB-2020-004668
db: CNNVD, id: CNNVD-202004-2011
db: NVD, id: CVE-2020-5865

LAST UPDATE DATE

2024-11-23T21:51:29.959000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183990, date: 2022-04-26T00:00:00
db: JVNDB, id: JVNDB-2020-004668, date: 2020-05-25T00:00:00
db: CNNVD, id: CNNVD-202004-2011, date: 2022-04-27T00:00:00
db: NVD, id: CVE-2020-5865, date: 2024-11-21T05:34:43.727

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183990, date: 2020-04-23T00:00:00
db: JVNDB, id: JVNDB-2020-004668, date: 2020-05-25T00:00:00
db: CNNVD, id: CNNVD-202004-2011, date: 2020-04-23T00:00:00
db: NVD, id: CVE-2020-5865, date: 2020-04-23T19:15:13.013