CVE-2020-5873

{"id": "CVE-2020-5873", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-04-30T21:15:16.510", "references": [{"url": "https://support.f5.com/csp/article/K03585731", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request."}, {"lang": "es", "value": "En BIG-IP versiones 15.0.0 hasta 15.0.1, 14.1.0 hasta 14.1.2.3, 13.1.0 hasta 13.1.3.1, 12.1.0 hasta 12.1.5 y 11.6.1 hasta 11.6.5 y BIG-IQ versiones 5.2.0 hasta 7.1.0, un usuario asociado con el rol de Administrador de Recursos que posee acceso a la utilidad secure copy (scp) pero no posee acceso a Advanced Shell (bash) puede ejecutar comandos arbitrarios usando una petici\u00f3n de scp creada con fines maliciosos."}], "lastModified": "2020-05-11T13:53:51.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBA9552-4645-4BFF-91A4-47B6A3414325", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7174510-CC8F-4F4D-9706-C7CBB99D7172", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07FC84CA-3E12-43FB-ADBD-7B988DEF3A97", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A53E3C-3E09-4100-8D5A-10AD4973C230", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14A4E46D-F0DB-4201-9102-EC89FACBE780", "versionEndIncluding": "5.4.0", "versionStartIncluding": "5.2.0"}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A", "versionEndIncluding": "7.1.0", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61D1B91F-8672-4947-AF9A-F635679D0FB7", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2BFAF3E-5E01-4EBF-AC8C-92DDFF38EB8F", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BEE162F-A016-4EDB-A7D1-1F87945EED3E", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCAE28C2-0ADD-4FD0-A520-EFB764164DD8", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3787453-ECE9-4958-8FD8-8A43A9F86077", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88FFA413-C798-4FB6-AA37-1BDD1C11DD06", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F553CD8-01FF-4616-A32C-4F4B5844A6FD", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36A213C6-D6E4-4F38-989D-81D3DFC11829", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05ED802A-A8A0-4E96-AB45-811A98AA11C2", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C13DFF4A-CD7C-4B9A-AD90-79E29FC1D117", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "547D6BFB-5DE8-4027-88EF-0349400494D1", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D9F39B-206B-4E76-A811-1CAA705A60EE", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B15992E6-85B6-4E62-A284-FE4B78F5F373", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "241F94B5-C01C-4F62-85D9-EAC3C71845BC", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7881BC1C-1B10-43D4-AD4A-545D7C7C4160", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70099A38-3B84-4C40-8590-BE6C8F7C21A7", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8376922B-0D04-4E5D-BADE-0D6AC23A4696", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09B194A3-5261-4063-9E02-19855CCD8A90", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17DCA2C1-FD7A-430F-AD7C-4AB2DF7E233E", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DE40473-ABAE-4D91-8EBB-FB5719E107F6", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0471086D-B70E-4B87-862E-01FB99B0D5D5", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48A3DFA8-2DB0-4F65-AE6F-BB02CF42EE7E", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6DFBD76-20DB-497D-B407-1EAA5555B49F", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18B5A918-F9AA-4889-94A7-33E6E54CF383", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD3D5803-35A0-4FF7-9AD3-E345C53A18FC", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBE0191C-ABA8-4FBE-99FE-D8DD9ABCA57D", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B21CD4-4D50-45EC-8297-D54A1BBC6521", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF606356-8191-478D-AF60-D48A408CD9ED", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E20DFBD1-5469-4330-81B1-078D6487C01D", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC6FB035-B2F6-452B-A407-85535B07D897", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA369F2E-2E17-4BEA-B894-14656D977B93", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA3E37E6-64B9-4668-AC01-933711E1C934", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F92F2449-8A6E-431E-8CB1-5255D2464B31", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76D757F4-B333-4EFB-87CE-1F14BD1B1734", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0B6F31-DC75-49C9-9E59-EF1CD68B1B3D", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CCD3CF9-EA9D-43FF-8ADA-713B4B5C468E", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53F940F3-6CF4-48C8-BFBF-4FE9B3A26D31", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1886D50C-6B79-4A7F-887B-08093F0C4894", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D806FBF-8E6D-412C-B547-92AD9294B639", "versionEndIncluding": "14.1.2.3", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC6612AB-E46B-4A8B-9B3E-C711D8C27962", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}