CVE-2020-27727 — Improper Input Validation in F5 Big-ip Access Policy Manager
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 49.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 24
Latest updateMay 24
Description
On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6
Affected Packages12 packages
▶CVEListV5f5/big-ip_access_policy_manager16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4