CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Weakness: Improper Control of Generation of Code ('Code Injection')

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Published: 2020-07-01

Researcher Credit

• Mikhail Klyuchnikov

Vulnerable Products

• Ssl Orchestrator
• Big-Ip Advanced Firewall Manager
• Big-Ip Analytics
• Big-Ip Domain Name System
• Big-Ip Global Traffic Manager
• Big-Ip Access Policy Manager
• Big-Ip Ddos Hybrid Defender
• Big-Ip Policy Enforcement Manager
• Big-Ip Link Controller
• Big-Ip Local Traffic Manager
• Big-Ip Advanced Web Application Firewall
• Big-Ip Application Acceleration Manager
• Big-Ip Application Security Manager
• Big-Ip Fraud Protection Service

Community Advisory

This section is open source, for any additional information that enhances or clarifies the official advisory above.

Improve Advisory

CVE-2020-5902 Exploits (64)

• jas502n/CVE-2020-5902 ( 333)
• yassineaboukir/CVE-2020-5902 ( 71)
• theLSA/f5-bigip-rce-cve-2020-5902 ( 47)
• aqhmal/CVE-2020-5902-Scanner ( 45)
• dunderhay/CVE-2020-5902 ( 38)
• yasserjanah/CVE-2020-5902 ( 22)
• f5devcentral/cve-2020-5902-ioc-bigip-checker ( 14)
• ar0dd/CVE-2020-5902 ( 13)
• dwisiswant0/CVE-2020-5902 ( 11)
• nsflabs/CVE-2020-5902 ( 10)

Show all exploits (+54):

• rwincey/CVE-2020-5902-NSE ( 9)
• lijiaxing1997/CVE-2020-5902-POC-EXP ( 9)
• rockmelodies/CVE-2020-5902-rce-gui ( 8)
• sv3nbeast/CVE-2020-5902_RCE ( 8)
• zhzyker/CVE-2020-5902 ( 7)
• GovindPalakkal/EvilRip ( 6)
• PushpenderIndia/CVE-2020-5902-Scanner ( 5)
• jiansiting/CVE-2020-5902 ( 5)
• corelight/CVE-2020-5902-F5BigIP ( 4)
• Shu1L/CVE-2020-5902-fofa-scan ( 4)
• Al1ex/CVE-2020-5902 ( 4)
• d4rk007/F5-Big-IP-CVE-2020-5902-mass-exploiter ( 3)
• pwnhacker0x18/CVE-2020-5902-Mass ( 2)
• r0ttenbeef/cve-2020-5902 ( 2)
• deepsecurity-pe/GoF5-CVE-2020-5902 ( 2)
• MrCl0wnLab/checker-CVE-2020-5902 ( 2)
• murataydemir/CVE-2020-5902 ( 2)
• Un4gi/CVE-2020-5902 ( 2)
• faisalfs10x/F5-BIG-IP-CVE-2020-5902-shodan-scanner ( 1)
• 0xAbdullah/CVE-2020-5902 ( 1)
• Zinkuth/F5-BIG-IP-CVE-2020-5902 ( 1)
• itsjeffersonli/CVE-2020-5902 ( 1)
• jinnywc/CVE-2020-5902 ( 1)
• qlkwej/poc-CVE-2020-5902 ( 1)
• renanhsilva/checkvulnCVE2020590 ( 1)
• tom0li/CVE-2020-5902
• tututu12138/CVE-2020-5902
• qiong-qi/CVE-2020-5902-POC
• momika233/cve-2020-5902
• zhzyker/exphub
• projectdiscovery/nuclei-templates/cves/CVE-2020-5902.yaml
• rapid7/metasploit-framework/modules/exploits/linux/http/f5_bigip_tmui_rce.rb
• EtoYoshio/t_pwn
• k3nundrum/CVE-2020-5902
• halencarjunior/f5scan
• cybersecurityworks553/scanner-CVE-2020-5902
• cristiano-corrado/f5_scanner
• JSec1337/RCE-CVE-2020-5902
• corelight-ricky/CVE-2020-5902-F5BigIP
• ajdumanhug/CVE-2020-5902
• GoodiesHQ/F5-Patch
• wdlid/CVE-2020-5902-fix
• inho28/CVE-2020-5902-F5-BIGIP
• JaneMandy/CVE-2020-5902
• dnerzker/CVE-2020-5902
• jaeles-project/jaeles-signatures/cves/f5-bigip-rce-cve-2020-5902.yaml
• Any3ite/CVE-2020-5902-F5BIG
• TheCyberViking/CVE-2020-5902-Vuln-Checker
• 1N3/Sn1per/templates/active/CVE-2020-5902_-_F5_BIG-IP_Remote_Code_Execution_1.sh
• 1N3/Sn1per/templates/active/CVE-2020-5902_-_F5_BIG-IP_Remote_Code_Execution_2.sh
• 1N3/Sn1per/templates/active/CVE-2020-5902_-_F5_BIG-IP_XSS.sh
• ludy-dev/BIG-IP-F5-TMUI-RCE-Vulnerability
• faisalfs10x/F5-BIG-IP-CVE-2020-5902-checker
• superzerosec/cve-2020-5902

Official CVE References

View references (11)

• packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
• packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html
• packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
• packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html
• packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html
• badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/
• Critical-Start/Team-Ares/tree/master/CVE-2020-5902
• f5.com/csp/article/K52145254
• ptsecurity.com/rce-in-f5-big-ip/
• criticalstart.com/f5-big-ip-remote-code-execution-exploit/
• kb.cert.org/vuls/id/290915