Shodan
Vulnerabilities
Vulnerable Software
F5:  Security Vulnerabilities
CVE-2020-5909
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-07-02
CVE-2020-5910
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-07-02
CVE-2020-5911
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.
CVSS Score
7.3
EPSS Score
0.004
Published
2020-07-02
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-07-01
CVE-2020-5901
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
CVSS Score
9.6
EPSS Score
0.009
Published
2020-07-01
CVE-2020-5902
Known exploited
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
CVSS Score
9.8
EPSS Score
0.944
Published
2020-07-01
CVE-2020-5903
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
CVSS Score
6.1
EPSS Score
0.091
Published
2020-07-01
CVE-2020-5904
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-07-01
CVE-2020-5905
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-07-01
CVE-2020-5906
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
CVSS Score
8.1
EPSS Score
0.001
Published
2020-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved