ID

VAR-202005-0990


CVE

CVE-2020-5895


TITLE

Vulnerability in NGINX Controller

Trust: 0.8

sources: JVNDB: JVNDB-2020-005181

DESCRIPTION

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can cause AVRD to crash with a segmentation fault (SIGSEGV) by writing malformed messages to the socket. An unspecified vulnerability exists in NGINX Controller. Information may be obtained or tampered with, and service operation may be interrupted (DoS). F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 3.1.0 to 3.3.0 because AVRD sets its sockets to be world-readable and world-writable.

Trust: 1.8

sources: NVD: CVE-2020-5895 // JVNDB: JVNDB-2020-005181 // VULHUB: VHN-184020 // VULMON: CVE-2020-5895

AFFECTED PRODUCTS

vendor: f5, model: nginx controller, scope: lt, version: 3.4.0

Trust: 1.0

vendor: f5, model: nginx controller, scope: gte, version: 3.1.0

Trust: 1.0

vendor: f5, model: nginx controller, scope: eq, version: 3.1.0 to 3.3.0

Trust: 0.8

vendor: f5, model: nginx controller, scope: eq, version: 3.1.0

Trust: 0.1

vendor: f5, model: nginx controller, scope: eq, version: 3.2.0

Trust: 0.1

vendor: f5, model: nginx controller, scope: eq, version: 3.3.0

Trust: 0.1

sources: VULMON: CVE-2020-5895 // JVNDB: JVNDB-2020-005181 // NVD: CVE-2020-5895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5895
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005181
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-246
value: HIGH

Trust: 0.6

VULHUB: VHN-184020
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-5895
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5895
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005181
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184020
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5895
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005181
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184020 // VULMON: CVE-2020-5895 // JVNDB: JVNDB-2020-005181 // CNNVD: CNNVD-202005-246 // NVD: CVE-2020-5895

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

sources: VULHUB: VHN-184020 // NVD: CVE-2020-5895

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-246

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005181

PATCH

title: K95120415, url: https://support.f5.com/csp/article/K95120415

Trust: 0.8

title: F5 NGINX Controller Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118623

Trust: 0.6

sources: JVNDB: JVNDB-2020-005181 // CNNVD: CNNVD-202005-246

EXTERNAL IDS

db: NVD, id: CVE-2020-5895

Trust: 2.6

db: JVNDB, id: JVNDB-2020-005181

Trust: 0.8

db: CNNVD, id: CNNVD-202005-246

Trust: 0.7

db: NSFOCUS, id: 47552

Trust: 0.6

db: AUSCERT, id: ESB-2020.1623

Trust: 0.6

db: VULHUB, id: VHN-184020

Trust: 0.1

db: VULMON, id: CVE-2020-5895

Trust: 0.1

sources: VULHUB: VHN-184020 // VULMON: CVE-2020-5895 // JVNDB: JVNDB-2020-005181 // CNNVD: CNNVD-202005-246 // NVD: CVE-2020-5895

REFERENCES

url:https://support.f5.com/csp/article/k95120415

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200522-0001/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-5895

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5895

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1623/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47552

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-184020 // VULMON: CVE-2020-5895 // JVNDB: JVNDB-2020-005181 // CNNVD: CNNVD-202005-246 // NVD: CVE-2020-5895

SOURCES

db: VULHUB, id: VHN-184020
db: VULMON, id: CVE-2020-5895
db: JVNDB, id: JVNDB-2020-005181
db: CNNVD, id: CNNVD-202005-246
db: NVD, id: CVE-2020-5895

LAST UPDATE DATE

2024-11-23T22:05:37.876000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184020, date: 2022-07-12T00:00:00
db: VULMON, id: CVE-2020-5895, date: 2020-05-22T00:00:00
db: JVNDB, id: JVNDB-2020-005181, date: 2020-06-09T00:00:00
db: CNNVD, id: CNNVD-202005-246, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2020-5895, date: 2024-11-21T05:34:47.027

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184020, date: 2020-05-07T00:00:00
db: VULMON, id: CVE-2020-5895, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2020-005181, date: 2020-06-09T00:00:00
db: CNNVD, id: CNNVD-202005-246, date: 2020-05-07T00:00:00
db: NVD, id: CVE-2020-5895, date: 2020-05-07T13:15:12.187