Overview
CVE-2020-5915 is a stored cross-site scripting (XSS, CWE-79) vulnerability in the Traffic Management User Interface (TMUI), also known as the Configuration utility, of F5 BIG-IP systems. It is reachable only when the BIG-IP system is configured in a Device Trust relationship, the certificate-based trust established between BIG-IP devices that synchronize configuration with each other: in that configuration TMUI fails to sanitize stored input, so an attacker able to supply a value that is stored by the system and later rendered on the affected page can inject script into it. The script runs in the browser of any administrator or other user who subsequently views that page, inside the victim's authenticated TMUI session, and can therefore perform any action the victim's role permits. The issue spans the 15.x, 14.x, 13.x, 12.x and 11.6.x release branches prior to the fixed releases listed under Remediation, so administrators running any of those branches should verify their version and schedule the upgrade.
Remediation
To remediate this vulnerability, F5 recommends upgrading to one of the following fixed versions:
- 15.1.0.5 or later
- 15.0.1.4 or later
- 14.1.2.4 or later
- 13.1.3.4 or later
- 12.1.5.2 or later
- 11.6.5.2 or later
If upgrading is not immediately possible, restrict access to TMUI to trusted management networks and administrators only: expose the Configuration utility only on the management interface or on self IPs whose port lockdown setting blocks it, and limit the source addresses permitted to reach the TMUI (httpd) service. Segmenting the management plane and keeping the set of administrative accounts small reduces both the chance that malicious input is stored and the number of administrator sessions an injected script could act in. Because each BIG-IP in a trust domain runs its own TMUI, every device in the trust domain must be upgraded, not just the one on which the issue was noticed. For detailed patching instructions and additional mitigation strategies, consult the F5 security advisory at https://support.f5.com/csp/article/K57214921.
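The fixed releases above are per release branch, which makes fleet triage easy to get wrong (15.0.x and 15.1.x have different fixed versions, and 15.1.0 is below 15.1.0.5 even though it looks "newer" than 15.0.1.4). The following Python helper is an added example, not F5 code and not part of the advisory: it parses a BIG-IP version string (or the Version field of `tmsh show sys version` output), maps it to its branch, and compares it against the fixed releases listed in the Remediation section. It assumes that every version in a listed branch below that branch's fixed release is affected, and it deliberately refuses to classify branches the list does not cover. The `show sys version` text and the inventory are constructed samples.

```python
"""Triage a BIG-IP fleet against the CVE-2020-5915 fixed releases.

Added example (not F5's code). Assumptions: a version in a listed branch is
affected when it is below that branch's fixed release; branches that the
advisory's fixed list does not name are reported as 'not-listed' rather than
guessed at.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]

# Fixed releases from the Remediation section, keyed by release branch
# (major, minor). F5 fixes each maintenance branch separately.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (15, 1): (15, 1, 0, 5),
    (15, 0): (15, 0, 1, 4),
    (14, 1): (14, 1, 2, 4),
    (13, 1): (13, 1, 3, 4),
    (12, 1): (12, 1, 5, 2),
    (11, 6): (11, 6, 5, 2),
}


def parse_version(text: str) -> Version:
    """Turn '15.1.0.4' (or a shorter '15.1.0') into a 4-tuple of ints.

    Anything after the numeric version (build or hotfix qualifiers such as
    '15.1.0.4 HF1') is ignored; the comparison is on the point release only.
    """
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"not a BIG-IP version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # pad '15.1.0' to 15.1.0.0
    return parts[0], parts[1], parts[2], parts[3]


def assess(version_text: str) -> str:
    """Return 'fixed', 'vulnerable', or 'not-listed' for one version string.

    'not-listed' means the branch is absent from the advisory's fixed list
    (for example a newer major release); consult the advisory for those
    instead of assuming either way.
    """
    v = parse_version(version_text)
    fixed = FIXED_RELEASES.get((v[0], v[1]))
    if fixed is None:
        return "not-listed"
    return "fixed" if v >= fixed else "vulnerable"


def version_from_show_sys(output: str) -> Optional[str]:
    """Extract the 'Version' field from 'tmsh show sys version' output.

    The 'Sys::Version' header line does not match because the pattern is
    anchored at the start of a line followed only by whitespace.
    """
    m = re.search(r"^\s*Version\s+(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for an inventory of hostname -> version."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample of 'tmsh show sys version' output (not captured from a
# real device); only the 'Version' line is used.
SAMPLE_SHOW_SYS_VERSION = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.0.4
  Build       0.0.6
  Edition     Point Release 4
"""

if __name__ == "__main__":
    fleet = {  # constructed sample inventory
        "bigip-a": version_from_show_sys(SAMPLE_SHOW_SYS_VERSION) or "",
        "bigip-b": "15.1.0.5",
        "bigip-c": "14.1.2.3 HF1",
        "bigip-d": "12.1.5.2",
        "bigip-e": "16.0.0",
    }
    for host, status in triage(fleet).items():
        print(f"{host}: {fleet[host]} -> {status}")
```

Run it against a real inventory by replacing the constructed `fleet` with one built from each device's `tmsh show sys version` output; anything reported as `vulnerable` needs the branch's fixed release from the list above, and `not-listed` results should be checked against the advisory by hand.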
References
- F5 Security Advisory: https://support.f5.com/csp/article/K57214921
- MITRE CWE-79 (Cross-site Scripting): https://cwe.mitre.org/data/definitions/79.html
- CVE-2020-5915 in the National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2020-5915
Industry Exposure (most to least affected)
This section ranks industries by how often this CVE has been observed, based on customer reports, from most to least affected. It shows where CVE-2020-5915 has been encountered most frequently, which helps organizations in those sectors gauge their exposure relative to peers and prioritize patching, resource allocation and remediation accordingly.
- Finance and Insurance
- Management of Companies & Enterprises
- Manufacturing
- Professional, Scientific, & Technical Services
- Accommodation & Food Services
- Administrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry, Fishing & Hunting
- Arts, Entertainment & Recreation
- Construction
- Educational Services
- Health Care & Social Assistance
- Information
- Mining
- Other Services (except Public Administration)
- Public Administration
- Real Estate, Rental & Leasing
- Retail Trade
- Transportation & Warehousing
- Utilities
- Wholesale Trade