TMUI remote code execution vulnerability - CVE-2020-5902

The ACSC advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.
Alert status
MEDIUM

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.

CVE-2020-5902 allows an actor with access to Traffic Management User Interface (TMUI) to execute arbitrary system commands, create or delete files, disable services and/or execute arbitrary Java code.

The ACSC strongly encourages users and administrators to review the F5 advisory for CVE-2020-5902 and update their systems promptly.

Further information about CVE-2020-5902 is available on F5’s website.

To report a cybercrime, visit ReportCyber

Content complexity
Moderate
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it

Icon for ReportReport a cyber security incident for critical infrastructure Icon for becoming a alertsGet alerts on new threatsAlert Service Become anACSC partner Icon for reportingReport a cybercrime or cyber security incident
Acknowledgement of Country icon
Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.
Authorised by the Australian Government, Canberra