First published: 06 Jul 2020
Last updated: 06 Jul 2020

Content written for

Large organisations & infrastructure

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

CVE-2020-5902 allows an actor with access to Traffic Management User Interface (TMUI) to execute arbitrary system commands, create or delete files, disable services and/or execute arbitrary Java code.

The ASD's ACSC strongly encourages users and administrators to review the F5 advisory for CVE-2020-5902 and update their systems promptly.

Further information about CVE-2020-5902 is available on F5’s website.

To report a cybercrime, visit ReportCyber

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?