CVE-2020-5916

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.
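
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.8 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| f5 | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |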

EPSS Score Percentile: 28%

| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_access_policy_manager | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_access_policy_manager | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_advanced_firewall_manager | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_advanced_firewall_manager | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_analytics | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_analytics | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_application_acceleration_manager | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_application_acceleration_manager | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_application_security_manager | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_application_security_manager | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_ddos_hybrid_defender | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_ddos_hybrid_defender | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_domain_name_system | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_domain_name_system | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_fraud_protection_service | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_fraud_protection_service | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_global_traffic_manager | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_global_traffic_manager | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_link_controller | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_link_controller | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_local_traffic_manager | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_local_traffic_manager | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | big-ip_policy_enforcement_manager | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | big-ip_policy_enforcement_manager | 15.1.0 ≤ 𝑥 < 15.1.0.5 |
| f5 | ssl_orchestrator | 15.0.0 ≤ 𝑥 < 15.0.1.4 |
| f5 | ssl_orchestrator | 15.1.0 ≤ 𝑥 < 15.1.0.5 |

𝑥 = Vulnerable software versions