CVE-2020-5904
moderate-risk
Published 2020-07-01
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
Do I need to act?
-
0.28% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (11)
Affected Vendors
References (4)
Vendor Advisory
https://support.f5.com/csp/article/K31301245
Third Party Advisory
https://www.kb.cert.org/vuls/id/290915
Vendor Advisory
https://support.f5.com/csp/article/K31301245
Third Party Advisory
https://www.kb.cert.org/vuls/id/290915
47
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
1/34 · Minimal
Exposure
16/34 · Moderate