CVE-2020-5902— F5 BIG-IP 路径遍历漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2020-5902の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
F5 BIG-IP 路径遍历漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP中存在路径遍历漏洞。攻击者可利用该漏洞执行任意的系统命令、创建或删除文件,关闭服务/执行任意的Java代码,可能完全入侵系统。以下产品及版本受到影响:F5 BIG-IP 15.1.0版本,15.0.0版本,14.1.0版本至14.1.2版本,13.1.0版本至13.1.3版本,12.1.0版本至12.1.5版本,11.6.1版本至11.6.5版本。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| - | BIG-IP | 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1 | - |
II. CVE-2020-5902の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | CVE-2020-5902 | https://github.com/dwisiswant0/CVE-2020-5902 | POC詳細 |
| 2 | Automated script for F5 BIG-IP scanner (CVE-2020-5902) using hosts retrieved from Shodan API. | https://github.com/aqhmal/CVE-2020-5902-Scanner | POC詳細 |
| 3 | CVE-2020-5902 BIG-IP | https://github.com/jas502n/CVE-2020-5902 | POC詳細 |
| 4 | POC code for checking for this vulnerability. Since the code has been released, I decided to release this one as well. Patch Immediately! | https://github.com/ar0dd/CVE-2020-5902 | POC詳細 |
| 5 | Proof of concept for CVE-2020-5902 | https://github.com/yassineaboukir/CVE-2020-5902 | POC詳細 |
| 6 | None | https://github.com/rwincey/CVE-2020-5902-NSE | POC詳細 |
| 7 | Proof of Concept for CVE-2020-5902 | https://github.com/un4gi/CVE-2020-5902 | POC詳細 |
| 8 | None | https://github.com/nsflabs/CVE-2020-5902 | POC詳細 |
| 9 | exploit code for F5-Big-IP (CVE-2020-5902) | https://github.com/yasserjanah/CVE-2020-5902 | POC詳細 |
| 10 | BIG-IP F5 Remote Code Execution | https://github.com/JSec1337/RCE-CVE-2020-5902 | POC詳細 |
| 11 | Python script to exploit F5 Big-IP CVE-2020-5902 | https://github.com/dunderhay/CVE-2020-5902 | POC詳細 |
| 12 | cve-2020-5902 POC exploit | https://github.com/r0ttenbeef/cve-2020-5902 | POC詳細 |
| 13 | None | https://github.com/sv3nbeast/CVE-2020-5902_RCE | POC詳細 |
| 14 | CVE-2020-5902 scanner | https://github.com/cybersecurityworks553/scanner-CVE-2020-5902 | POC詳細 |
| 15 | 批量扫描CVE-2020-5902,远程代码执行,已测试 | https://github.com/lijiaxing1997/CVE-2020-5902-POC-EXP | POC詳細 |
| 16 | dummy poc | https://github.com/qlkwej/poc-CVE-2020-5902 | POC詳細 |
| 17 | None | https://github.com/Zinkuth/F5-BIG-IP-CVE-2020-5902 | POC詳細 |
| 18 | Python script to check CVE-2020-5902 (F5 BIG-IP devices). | https://github.com/0xAbdullah/CVE-2020-5902 | POC詳細 |
| 19 | CVE-2020-5902 | https://github.com/jinnywc/CVE-2020-5902 | POC詳細 |
| 20 | Patch F5 appliance CVE-2020-5902 | https://github.com/GoodiesHQ/F5-Patch | POC詳細 |
| 21 | F5 BIG-IP Scanner (CVE-2020-5902) | https://github.com/jiansiting/CVE-2020-5902 | POC詳細 |
| 22 | Fix CVE-2020-5902 | https://github.com/wdlid/CVE-2020-5902-fix | POC詳細 |
| 23 | None | https://github.com/Any3ite/CVE-2020-5902-F5BIG | POC詳細 |
| 24 | None | https://github.com/k3nundrum/CVE-2020-5902 | POC詳細 |
| 25 | Scan from a given list for F5 BIG-IP and check for CVE-2020-5902 | https://github.com/inho28/CVE-2020-5902-F5-BIGIP | POC詳細 |
| 26 | F5 mass scanner and CVE-2020-5902 checker | https://github.com/cristiano-corrado/f5_scanner | POC詳細 |
| 27 | POC | https://github.com/ajdumanhug/CVE-2020-5902 | POC詳細 |
| 28 | F5 BIG-IP 任意文件读取+远程命令执行RCE | https://github.com/zhzyker/CVE-2020-5902 | POC詳細 |
| 29 | It is a small script to fetch out the subdomains/ip vulnerable to CVE-2020-5902 written in bash | https://github.com/GovindPalakkal/EvilRip | POC詳細 |
| 30 | None | https://github.com/dnerzker/CVE-2020-5902 | POC詳細 |
| 31 | A powershell script to check vulnerability CVE-2020-5902 of ip list | https://github.com/renanhsilva/checkvulnCVE20205902 | POC詳細 |
| 32 | F5 BIG IP Scanner for CVE-2020-5902 | https://github.com/halencarjunior/f5scan | POC詳細 |
| 33 | Script para validar CVE-2020-5902 hecho en Go. | https://github.com/deepsecurity-pe/GoF5-CVE-2020-5902 | POC詳細 |
| 34 | None | https://github.com/Shu1L/CVE-2020-5902-fofa-scan | POC詳細 |
| 35 | F5 Big-IP CVE-2020-5902 mass exploiter/fuzzer. | https://github.com/d4rk007/F5-Big-IP-CVE-2020-5902-mass-exploiter | POC詳細 |
| 36 | Simple Vulnerability Checker Wrote by me "@TheCyberViking" and A fellow Researcher who wanted to be left Nameless... you know who you are you beautiful bitch | https://github.com/TheCyberViking/CVE-2020-5902-Vuln-Checker | POC詳細 |
| 37 | Exploits for CVE-2020-5902 POC | https://github.com/itsjeffersonli/CVE-2020-5902 | POC詳細 |
| 38 | Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities. | https://github.com/MrCl0wnLab/checker-CVE-2020-5902 | POC詳細 |
| 39 | 批量检测CVE-2020-5902 | https://github.com/qiong-qi/CVE-2020-5902-POC | POC詳細 |
| 40 | F5 BIG-IP RCE CVE-2020-5902 automatic check tool | https://github.com/theLSA/f5-bigip-rce-cve-2020-5902 | POC詳細 |
| 41 | CVE-2020-5902 | https://github.com/Al1ex/CVE-2020-5902 | POC詳細 |
| 42 | None | https://github.com/freeFV/CVE-2020-5902-fofa-scan | POC詳細 |
| 43 | None | https://github.com/momika233/cve-2020-5902 | POC詳細 |
| 44 | GUI | https://github.com/rockmelodies/CVE-2020-5902-rce-gui | POC詳細 |
| 45 | Mass exploit for CVE-2020-5902 | https://github.com/5l1v3r1/CVE-2020-5902-Mass | POC詳細 |
| 46 | None | https://github.com/f5devcentral/cve-2020-5902-ioc-bigip-checker | POC詳細 |
| 47 | A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices. | https://github.com/corelight/CVE-2020-5902-F5BigIP | POC詳細 |
| 48 | Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3 | https://github.com/PushpenderIndia/CVE-2020-5902-Scanner | POC詳細 |
| 49 | [CVE-2020-5902] F5 BIG-IP Remote Code Execution (RCE) | https://github.com/murataydemir/CVE-2020-5902 | POC詳細 |
| 50 | None | https://github.com/superzerosec/cve-2020-5902 | POC詳細 |
| 51 | (CVE-2020-5902) BIG IP F5 TMUI RCE Vulnerability RCE PoC/ Test Script | https://github.com/ludy-dev/BIG-IP-F5-TMUI-RCE-Vulnerability | POC詳細 |
| 52 | simple bash script of F5 BIG-IP TMUI Vulnerability CVE-2020-5902 checker | https://github.com/faisalfs10x/F5-BIG-IP-CVE-2020-5902-shodan-scanner | POC詳細 |
| 53 | Auto exploit RCE CVE-2020-5902 | https://github.com/haisenberg/CVE-2020-5902 | POC詳細 |
| 54 | BIGIP CVE-2020-5902 Exploit POC and automation scanning vulnerability | https://github.com/z3n70/CVE-2020-5902 | POC詳細 |
| 55 | None | https://github.com/amitlttwo/CVE-2020-5902 | POC詳細 |
| 56 | Exploits for CVE-2020-5902 POC | https://github.com/flyopenair/CVE-2020-5902 | POC詳細 |
| 57 | A simple workflow that runs all BigIP related nuclei templates on a given target. | https://github.com/projectdiscovery/nuclei-templates/blob/main/workflows/bigip-workflow.yaml | POC詳細 |
| 58 | F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-5902.yaml | POC詳細 |
| 59 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/F5%20BIG-IP%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2020-5902.md | POC詳細 |
| 60 | CVE-2020-5902 | https://github.com/B1ack4sh/Blackash-CVE-2020-5902 | POC詳細 |
| 61 | CVE-2020-5902 | https://github.com/Ashwesker/Blackash-CVE-2020-5902 | POC詳細 |
| 62 | Script para validar CVE-2020-5902 hecho en Go. | https://github.com/DeepSecurity-Pe/GoF5-CVE-2020-5902 | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2020-5902のインテリジェンス情報
请登录查看更多情报信息。
- https://www.kb.cert.org/vuls/id/290915third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-5902
Same Patch Batch · n/a · 2020-07-01 · 43 CVEs total
| CVE-2020-7688 | 8.4 HIGH | Command Injection |
| CVE-2020-7689 | 5.9 MEDIUM | Insecure Encryption |
| CVE-2020-12603 | Envoy 资源管理错误漏洞 | |
| CVE-2020-15471 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2020-15478 | Journal theme 信息泄露漏洞 | |
| CVE-2020-15472 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2020-15475 | Ntop nDPI 资源管理错误漏洞 | |
| CVE-2020-15476 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2020-15470 | ffjpeg 缓冲区错误漏洞 | |
| CVE-2020-15468 | Persian VIP Download Script SQL注入漏洞 | |
| CVE-2020-15474 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2017-1712 | HCL Technologies Domino 加密问题漏洞 | |
| CVE-2017-1659 | HCL Technologies Notes 跨站脚本漏洞 | |
| CVE-2020-5900 | F5 NGINX Controller 跨站请求伪造漏洞 | |
| CVE-2020-5899 | F5 NGINX Controller 授权问题漏洞 | |
| CVE-2020-5901 | F5 NGINX Controller 跨站脚本漏洞 | |
| CVE-2020-13380 | Open Solutions for Education openSIS SQL注入漏洞 | |
| CVE-2020-13381 | Open Solutions for Education openSIS SQL注入漏洞 | |
| CVE-2020-8663 | Envoy 资源管理错误漏洞 | |
| CVE-2020-13382 | Open Solutions for Education openSIS 访问控制错误漏洞 |
Showing 20 of 43 CVEs. View all on vendor page →
IV. 関連脆弱性
同じベンダー: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. CVE-2020-5902へのコメント
まだコメントはありません