ID

VAR-202004-2012


CVE

CVE-2020-5868


TITLE

OS command injection vulnerability in BIG-IQ

Trust: 0.8

sources: JVNDB: JVNDB-2020-004929

DESCRIPTION

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. BIG-IQ contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). F5 BIG-IQ Centralized Management is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. A security vulnerability exists in F5 BIG-IQ Centralized Management versions 7.0.0 and 6.0.0 through 6.1.0. Attackers can use the Grafana component to exploit this vulnerability to run local shell commands on the system.

Trust: 1.8

sources: NVD: CVE-2020-5868 // JVNDB: JVNDB-2020-004929 // VULHUB: VHN-183993 // VULMON: CVE-2020-5868

AFFECTED PRODUCTS

vendor: f5, model: big-iq centralized management, scope: eq, version: 7.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 6.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lte, version: 6.1.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.0.0 to 7.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-004929 // NVD: CVE-2020-5868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5868
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004929
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-2094
value: CRITICAL

Trust: 0.6

VULHUB: VHN-183993
value: HIGH

Trust: 0.1

VULMON: CVE-2020-5868
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-5868
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004929
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183993
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5868
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004929
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183993 // VULMON: CVE-2020-5868 // JVNDB: JVNDB-2020-004929 // CNNVD: CNNVD-202004-2094 // NVD: CVE-2020-5868

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-183993 // JVNDB: JVNDB-2020-004929 // NVD: CVE-2020-5868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2094

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2094

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004929

PATCH

title: K37130415, url: https://support.f5.com/csp/article/K37130415

Trust: 0.8

sources: JVNDB: JVNDB-2020-004929

EXTERNAL IDS

db: NVD, id: CVE-2020-5868

Trust: 2.6

db: JVNDB, id: JVNDB-2020-004929

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2094

Trust: 0.7

db: AUSCERT, id: ESB-2020.1432

Trust: 0.6

db: VULHUB, id: VHN-183993

Trust: 0.1

db: VULMON, id: CVE-2020-5868

Trust: 0.1

sources: VULHUB: VHN-183993 // VULMON: CVE-2020-5868 // JVNDB: JVNDB-2020-004929 // CNNVD: CNNVD-202004-2094 // NVD: CVE-2020-5868

REFERENCES

url:https://support.f5.com/csp/article/k37130415

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-5868

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5868

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1432/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/180720

Trust: 0.1

sources: VULHUB: VHN-183993 // VULMON: CVE-2020-5868 // JVNDB: JVNDB-2020-004929 // CNNVD: CNNVD-202004-2094 // NVD: CVE-2020-5868

SOURCES

db: VULHUB, id: VHN-183993
db: VULMON, id: CVE-2020-5868
db: JVNDB, id: JVNDB-2020-004929
db: CNNVD, id: CNNVD-202004-2094
db: NVD, id: CVE-2020-5868

LAST UPDATE DATE

2024-11-23T23:11:26.456000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183993, date: 2020-05-01T00:00:00
db: VULMON, id: CVE-2020-5868, date: 2020-05-01T00:00:00
db: JVNDB, id: JVNDB-2020-004929, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-2094, date: 2020-05-06T00:00:00
db: NVD, id: CVE-2020-5868, date: 2024-11-21T05:34:44.060

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183993, date: 2020-04-24T00:00:00
db: VULMON, id: CVE-2020-5868, date: 2020-04-24T00:00:00
db: JVNDB, id: JVNDB-2020-004929, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-2094, date: 2020-04-24T00:00:00
db: NVD, id: CVE-2020-5868, date: 2020-04-24T13:15:11.827