CVE-2020-5902
In short
A critical, unauthenticated remote code execution flaw in the web management interface of F5 BIG-IP (the Traffic Management User Interface, TMUI, also called the Configuration utility). It affects the 11.6, 12.1, 13.1, 14.1 and 15.x release branches and gives any attacker who can reach TMUI over the network full control of the appliance.
Technical detail
CVE-2020-5902 is a pre-authentication remote code execution vulnerability in the BIG-IP Traffic Management User Interface (TMUI). It is reachable over the network through pages of the Configuration utility that F5 has not named publicly, requires no privileges or user interaction, and is rated CVSS 9.8 (Critical); it is listed in CISA's Known Exploited Vulnerabilities catalog. The affected releases are the per-branch ranges in the official description below. Note that later point releases inside the same branches (for example 15.1.0.4 or 14.1.2.6) fall outside those ranges, so quoting a single "11.6.1 to 15.1.0.3" range overstates the affected set. The flaw is in the control plane, not in traffic passing through the device, so exposure depends on which networks can reach the TMUI port (the management interface, or any Self IP on which the Configuration utility is reachable); a successful exploit yields code execution on the appliance and complete system compromise.
Summary generated and translated by AI from the official description.
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
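The version ranges above are easy to misread when a fleet mixes branches, so here is a small triage helper that checks BIG-IP version strings against exactly those inclusive ranges. This is an added example, not code from this page, from F5 or from any of the PoC repositories listed below; the ranges come from the CVE description, while the `tmsh show sys version` output layout it parses and the inventory it runs over are assumptions and constructed sample data.

```python
"""Triage BIG-IP version strings against the CVE-2020-5902 affected ranges.

Added example, not code from this page or from F5. The inclusive version
ranges are the ones in the CVE description; everything else (the tmsh output
layout, the sample inventory) is an assumption or constructed test data.
"""
import re

# Inclusive (low, high) ranges taken verbatim from the CVE description.
AFFECTED_RANGES = [
    ("15.0.0", "15.1.0.3"),
    ("14.1.0", "14.1.2.5"),
    ("13.1.0", "13.1.3.3"),
    ("12.1.0", "12.1.5.1"),
    ("11.6.1", "11.6.5.1"),
]

_VERSION_RE = re.compile(r"^\d+(?:\.\d+){1,3}$")


def parse_version(text: str) -> tuple:
    """'15.1.0.3' -> (15, 1, 0, 3); shorter strings are zero-padded to four fields.

    BIG-IP numbers releases major.minor.maintenance.point, so '13.1.3' is the
    same release as '13.1.3.0'. Hotfix or build suffixes ("15.1.0.3-HF1") are
    rejected rather than guessed at: strip them before calling.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a bare BIG-IP version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def affected_range(version: str):
    """Return the (low, high) range that contains `version`, or None.

    None means "not in any listed range", not "fixed": a version newer than a
    range's upper bound is expected to carry the fix, but confirm against F5's
    K52145254 advisory before closing the finding.
    """
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v <= parse_version(hi):
            return (lo, hi)
    return None


def is_affected(version: str) -> bool:
    return affected_range(version) is not None


# Assumed layout of `tmsh show sys version` on the device: a "Main Package"
# block containing "Product" and "Version" lines. Only the first "Version"
# line is used. This layout is an assumption, not taken from this page.
_TMSH_VERSION_RE = re.compile(r"^\s*Version\s+(\S+)\s*$", re.MULTILINE)


def version_from_tmsh(output: str) -> str:
    m = _TMSH_VERSION_RE.search(output)
    if not m:
        raise ValueError("no 'Version' line found in tmsh output")
    return m.group(1)


def triage(inventory: dict) -> dict:
    """Map hostname -> 'affected (lo-hi)' | 'not listed' | 'unparsed: ...'."""
    result = {}
    for host, version in inventory.items():
        try:
            rng = affected_range(version)
        except ValueError as exc:
            result[host] = f"unparsed: {exc}"
            continue
        result[host] = f"affected ({rng[0]}-{rng[1]})" if rng else "not listed"
    return result


# Constructed sample data, not real device output.
SAMPLE_TMSH = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.0.3
  Build       0.0.6
  Edition     Point Release 3
"""

SAMPLE_INVENTORY = {
    "lb-edge-01": "15.1.0.3",     # last affected 15.1 point release
    "lb-edge-02": "15.1.0.4",     # one past the listed upper bound
    "lb-core-01": "13.1.3",       # same as 13.1.3.0, inside 13.1.0-13.1.3.3
    "lb-old-01": "11.5.4",        # below the 11.6.1 lower bound
    "lb-lab-01": "14.1.2.5-HF1",  # suffix: rejected, needs a manual look
}

if __name__ == "__main__":
    print("tmsh sample reports", version_from_tmsh(SAMPLE_TMSH))
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```

The point of returning "not listed" rather than "fixed" is that the CVE text only names affected ranges; a device on 11.5.x, for instance, is outside every range because that branch was out of support, not because it was patched, and anything with a hotfix suffix is deliberately bounced to a human rather than silently passed.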
Affected products
n/a · BIG-IP
Public PoCs found: 64
github.com/jas502n/CVE-2020-5902 (★ 374)
github.com/yassineaboukir/CVE-2020-5902 (★ 71)
github.com/theLSA/f5-bigip-rce-cve-2020-5902 (★ 62)
github.com/aqhmal/CVE-2020-5902-Scanner (★ 55)
github.com/yasserjanah/CVE-2020-5902 (★ 43)
github.com/dunderhay/CVE-2020-5902 (★ 36)
github.com/f5devcentral/cve-2020-5902-ioc-bigip-checker (★ 17)
github.com/zhzyker/CVE-2020-5902 (★ 13)
github.com/ar0dd/CVE-2020-5902 (★ 12)
github.com/PushpenderIndia/CVE-2020-5902-Scanner (★ 12)
github.com/Al1ex/CVE-2020-5902 (★ 10)
github.com/lijiaxing1997/CVE-2020-5902-POC-EXP (★ 10)
github.com/west9b/F5-BIG-IP-POC (★ 10)
github.com/dwisiswant0/CVE-2020-5902 (★ 9)
github.com/nsflabs/CVE-2020-5902 (★ 8)
github.com/rwincey/CVE-2020-5902-NSE (★ 8)
github.com/rockmelodies/CVE-2020-5902-rce-gui (★ 8)
github.com/sv3nbeast/CVE-2020-5902_RCE (★ 8)
github.com/GovindPalakkal/EvilRip (★ 6)
github.com/MrCl0wnLab/checker-CVE-2020-5902 (★ 5)
github.com/corelight/CVE-2020-5902-F5BigIP (★ 4)
github.com/jiansiting/CVE-2020-5902 (★ 4)
github.com/d4rk007/F5-Big-IP-CVE-2020-5902-mass-exploiter (★ 4)
github.com/34zY/APT-Backpack (★ 3)
github.com/r0ttenbeef/cve-2020-5902 (★ 2)
github.com/cybersecurityworks553/scanner-CVE-2020-5902 (★ 2)
github.com/DeepSecurity-Pe/GoF5-CVE-2020-5902 (★ 2)
github.com/qiong-qi/CVE-2020-5902-POC (★ 2)
github.com/murataydemir/CVE-2020-5902 (★ 2)
github.com/faisalfs10x/F5-BIG-IP-CVE-2020-5902-shodan-scanner (★ 2)
github.com/z3n70/CVE-2020-5902 (★ 2)
github.com/renanhsilva/checkvulnCVE20205902 (★ 1)
github.com/qlkwej/poc-CVE-2020-5902 (★ 1)
github.com/halencarjunior/f5scan (★ 1)
github.com/haisenberg/CVE-2020-5902 (★ 1)
github.com/amitlttwo/CVE-2020-5902 (★ 1)
github.com/Shu1L/CVE-2020-5902-fofa-scan (★ 1)
github.com/JSec1337/RCE-CVE-2020-5902 (★ 1)
github.com/0xAbdullah/CVE-2020-5902 (★ 1)
github.com/jinnywc/CVE-2020-5902 (★ 1)
github.com/Zinkuth/F5-BIG-IP-CVE-2020-5902 (★ 1)
github.com/ajdumanhug/CVE-2020-5902 (★ 0)
github.com/dnerzker/CVE-2020-5902 (★ 0)
github.com/TheCyberViking/CVE-2020-5902-Vuln-Checker (★ 0)
github.com/0xBlackash/CVE-2020-5902 (★ 0)
github.com/flyopenair/CVE-2020-5902 (★ 0)
github.com/freeFV/CVE-2020-5902-fofa-scan (★ 0)
github.com/momika233/cve-2020-5902 (★ 0)
github.com/superzerosec/cve-2020-5902 (★ 0)
github.com/ludy-dev/BIG-IP-F5-TMUI-RCE-Vulnerability (★ 0)
github.com/Any3ite/CVE-2020-5902-F5BIG (★ 0)
github.com/k3nundrum/CVE-2020-5902 (★ 0)
github.com/inho28/CVE-2020-5902-F5-BIGIP (★ 0)
github.com/cristiano-corrado/f5_scanner (★ 0)
github.com/GoodiesHQ/F5-Patch (★ 0)
packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html (CVE reference, unverified)
packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html (CVE reference, unverified)
packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html (CVE reference, unverified)
packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html (CVE reference, unverified)
packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html (CVE reference, unverified)
www.exploit-db.com/exploits/48711 (Exploit-DB, unverified)
www.exploit-db.com/exploits/48643 (Exploit-DB, unverified)
packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html (CVE reference, unverified)
www.exploit-db.com/exploits/48642 (Exploit-DB, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html
http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html
http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/
https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902
https://support.f5.com/csp/article/K52145254
https://swarm.ptsecurity.com/rce-in-f5-big-ip/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5902
https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/