CVE-2020-27719

On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.f5.com/csp/article/K19166530	Vendor Advisory
https://support.f5.com/csp/article/K19166530	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:ssl_orchestrator::::::::
	cpe:2.3:a:f5:ssl_orchestrator::::::::
	cpe:2.3:a:f5:ssl_orchestrator::::::::

History

21 Nov 2024, 05:21

Type	Values Removed	Values Added
References	~~() https://support.f5.com/csp/article/K19166530 - Vendor Advisory~~	() https://support.f5.com/csp/article/K19166530 - Vendor Advisory

Information

Published : 2020-12-24 16:15

Updated : 2024-11-21 05:21

NVD link : CVE-2020-27719

Mitre link : CVE-2020-27719

CVE.ORG link : CVE-2020-27719

JSON object : View

Products Affected

big-ip_local_traffic_manager
big-ip_fraud_protection_service
big-ip_access_policy_manager
big-ip_ddos_hybrid_defender
big-ip_global_traffic_manager
big-ip_domain_name_system
big-ip_application_acceleration_manager
big-ip_advanced_web_application_firewall
ssl_orchestrator
big-ip_policy_enforcement_manager
big-ip_link_controller
big-ip_analytics
big-ip_application_security_manager
big-ip_advanced_firewall_manager

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2020-27719", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-12-24T16:15:15.037", "references": [{"url": "https://support.f5.com/csp/article/K19166530", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://support.f5.com/csp/article/K19166530", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility."}, {"lang": "es", "value": "En BIG-IP versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.5 y 14.1.0-14.1.3, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en una p\u00e1gina no revelada de la utilidad BIG-IP Configuration"}], "lastModified": "2024-11-21T05:21:41.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27EBC7C-4EE1-4574-9AFD-2868611D80B8", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AE7C1F6-4D07-4D9A-835C-18CC8D71D61A", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F3F98DD-C142-4030-AD11-A3129D5FFEA9", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86D94B31-6496-42B0-BA04-370C283C4641", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4E7E813-5C68-4E17-82AC-B74056FCF24A", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1247022A-F95F-4DF6-87AC-2E6757B01DC3", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF641654-BDC0-4483-B6BA-D5566427E5C5", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F635B29F-2148-4931-A834-EB5B79C26388", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7034BE5-23A6-47FA-9D80-3F3CF29DA2B5", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F630B15-9652-477D-ACDE-BB846FAA2D92", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E9844F8-67D6-4EDA-A850-CE34C2D4E90F", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F491CF7C-EC9A-4413-9B84-459FE83E0AF5", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB29F87-8F6B-452A-9A9B-B7680C37CE43", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "367CAAB5-6DCD-4C2D-9075-C050FF3262AC", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D54A135F-CD1E-41AD-82C3-F15A21AA87BE", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0B1C52A-361A-46BD-9531-96C69F011EBC", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A479BF72-A211-4E61-BB37-309E7DB46E31", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3B360C4-C9E2-4889-ADD5-3482E69BA8E7", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D288196E-3937-4531-9571-07893BEE7296", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E464E1CF-4BCB-4B95-A8F0-55582950D29C", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3448CBCB-D42E-4DAA-A52F-4225B2EB022A", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95CD946B-331A-44F5-8F64-26411E909F13", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77AB154F-ADC2-4AD4-B246-346862D7013D", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7466098-C689-4E4B-879F-0433A020FDBC", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91346E36-BACA-4562-9903-9E4B7EA74834", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083E3750-8499-4325-B480-040DD0836F07", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "574397F4-0234-48D3-B024-D7963A41E21C", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD6C7A28-1569-44B0-BE80-7472F5ED5059", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28F451E4-B5EA-48BF-B803-595D1F11F6CF", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB7047B3-A248-424C-98D8-A0DD99A86F50", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C78B434-86B3-49AE-B93D-3A8F743DE00F", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E85FCC0-DC5A-4201-A2ED-13DDA5169CA3", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15439AAC-1535-4087-9170-C885716736F4", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6D8C63D-D669-414C-8AF1-2F3A993D6B75", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66DD6E1E-8F8E-4228-A3CE-6A542EF81D1B", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F9D19B2-1D89-4917-A82E-289EDE52C68F", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72914086-C966-46CF-AE19-6F70EA05FEF1", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC6881E9-5B73-4615-B98D-EDD3223FF8F2", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0319299-FCCE-4B8F-8DB5-83AF0C3D68D5", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A772DC58-9E8F-43DB-A640-F5DFE129E68E", "versionEndExcluding": "14.1.3.1", "versionStartIncluding": "14.1.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1897CBF0-C0C5-4A2F-A2CA-FBDEA2EC202F", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37DB95DF-DAAE-4E11-9D91-A097A44176DB", "versionEndExcluding": "16.0.1", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-27719

6.1^/10

4.3^/10

Attach tags to `CVE-2020-27719`