CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-5895

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

https://security.netapp.com/advisory/ntap-20200522-0001/
https://support.f5.com/csp/article/K95120415
https://security.netapp.com/advisory/ntap-20200522-0001/
https://support.f5.com/csp/article/K95120415

Products affected by CVE-2020-5895

F5 » Nginx Controller » Version: 3.1.0

cpe:2.3:a:f5:nginx_controller:3.1.0
F5 » Nginx Controller » Version: 3.2.0

cpe:2.3:a:f5:nginx_controller:3.2.0
F5 » Nginx Controller » Version: 3.3.0

cpe:2.3:a:f5:nginx_controller:3.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5895

Products

Pricing

Contact Us