CVE-2020-5905

Published Jul 1, 2020

Last updated 3 years ago

CVSS medium 4.3

Overview

Description: In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 3.4
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F82C168-C3F0-4E5A-9465-4C9BE57FE888",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26EA444C-FA23-40A7-98C7-404DC8E5611F",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8088D322-514B-49C3-9041-7FCD6902A0E6",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74330249-E08A-4DAB-AB9F-13BE634D74DA",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9A86305-2292-40FB-A984-9B15F7A079F0",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5415B126-600B-4200-AA87-AFB434BFAE9F",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46F2C7CC-928E-418F-9033-AF84835EF588",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7A79CD5-DF43-4D88-928B-0145CAD4069D",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "714EE4A8-ACA0-40A5-B183-34D08591A82B",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACC3FDE8-EFD4-4D92-89BD-40A0F6304965",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "583BE9A4-928A-4347-994B-2E7F2B2AAD30",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References