In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K82518062 | Vendor Advisory |
https://www.kb.cert.org/vuls/id/290915 | Third Party Advisory US Government Resource |
https://support.f5.com/csp/article/K82518062 | Vendor Advisory |
https://www.kb.cert.org/vuls/id/290915 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.f5.com/csp/article/K82518062 - Vendor Advisory | |
References | () https://www.kb.cert.org/vuls/id/290915 - Third Party Advisory, US Government Resource |
Information
Published : 2020-07-01 15:15
Updated : 2024-11-21 05:34
NVD link : CVE-2020-5906
Mitre link : CVE-2020-5906
CVE.ORG link : CVE-2020-5906
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_policy_enforcement_manager
- big-ip_domain_name_system
- big-ip_fraud_protection_service
- big-ip_link_controller
- big-ip_local_traffic_manager
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_analytics
CWE
CWE-276
Incorrect Default Permissions