The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.
CVE-2020-5902 allows an actor with access to Traffic Management User Interface (TMUI) to execute arbitrary system commands, create or delete files, disable services and/or execute arbitrary Java code.
The ACSC strongly encourages users and administrators to review the F5 advisory for CVE-2020-5902 and update their systems promptly.
Further information about CVE-2020-5902 is available on F5’s website.
To report a cybercrime, visit ReportCyber