Sign-up

ID

VAR-202007-1104


CVE

CVE-2020-5911


TITLE

NGINX Controller Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007467

DESCRIPTION

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. NGINX Controller There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 NGINX Controller is the United States F5 One of the company's NGINX Centralized monitoring and management platform. The platform supports the management of multiple NGINX instance

Trust: 1.71

sources: NVD: CVE-2020-5911 // JVNDB: JVNDB-2020-007467 // VULHUB: VHN-184036

AFFECTED PRODUCTS

vendor:f5model:nginx controllerscope:eqversion:1.0.1

Trust: 1.8

vendor:f5model:nginx controllerscope:lteversion:2.9.0

Trust: 1.0

vendor:f5model:nginx controllerscope:lteversion:3.5.0

Trust: 1.0

vendor:f5model:nginx controllerscope:gteversion:3.0.0

Trust: 1.0

vendor:f5model:nginx controllerscope:gteversion:2.0.0

Trust: 1.0

vendor:f5model:nginx controllerscope:eqversion:2.0.0 から 2.9.0

Trust: 0.8

vendor:f5model:nginx controllerscope:eqversion:3.0.0 から 3.5.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007467 // NVD: CVE-2020-5911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5911
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007467
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-107
value: HIGH

Trust: 0.6

VULHUB: VHN-184036
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-5911
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007467
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184036
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5911
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007467
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184036 // JVNDB: JVNDB-2020-007467 // CNNVD: CNNVD-202007-107 // NVD: CVE-2020-5911

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-5911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-107

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-107

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007467

PATCH
title:K84084843url:https://support.f5.com/csp/article/K84084843
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-007467

EXTERNAL IDS
db:NVDid:CVE-2020-5911
Trust: 2.5
db:JVNDBid:JVNDB-2020-007467
Trust: 0.8
db:CNNVDid:CNNVD-202007-107
Trust: 0.7
db:AUSCERTid:ESB-2020.2264
Trust: 0.6
db:VULHUBid:VHN-184036
Trust: 0.1
sources:
            
            
            VULHUB: VHN-184036 // 
            
            
            
            JVNDB: JVNDB-2020-007467 // 
            
            
            
            CNNVD: CNNVD-202007-107 // 
            
            
            
            NVD: CVE-2020-5911

REFERENCES
url:https://support.f5.com/csp/article/k84084843
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5911
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5911
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2264/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-184036 // 
            
            
            
            JVNDB: JVNDB-2020-007467 // 
            
            
            
            CNNVD: CNNVD-202007-107 // 
            
            
            
            NVD: CVE-2020-5911

SOURCES
db:VULHUBid:VHN-184036
db:JVNDBid:JVNDB-2020-007467
db:CNNVDid:CNNVD-202007-107
db:NVDid:CVE-2020-5911

LAST UPDATE DATE
2024-11-23T21:51:24.801000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-184036date:2020-07-08T00:00:00
db:JVNDBid:JVNDB-2020-007467date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-107date:2020-07-09T00:00:00
db:NVDid:CVE-2020-5911date:2024-11-21T05:34:48.807

SOURCES RELEASE DATE
db:VULHUBid:VHN-184036date:2020-07-02T00:00:00
db:JVNDBid:JVNDB-2020-007467date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-107date:2020-07-02T00:00:00
db:NVDid:CVE-2020-5911date:2020-07-02T13:15:10.437