CVE-2020-5906
published 2020-07-01CVE-2020-5906: In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files…
high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | 11.6.1 – 11.6.5 | — |
| f5 | big-ip_access_policy_manager | 12.1.0 – 12.1.5 | — |
| f5 | big-ip_access_policy_manager | 13.1.0 – 13.1.3 | — |
| f5 | big-ip_advanced_firewall_manager | 11.6.1 – 11.6.5 | — |
| f5 | big-ip_advanced_firewall_manager | 12.1.0 – 12.1.5 | — |
| f5 | big-ip_advanced_firewall_manager | 13.1.0 – 13.1.3 | — |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | 11.6.1 – 11.6.5 | — |
| f5 | big-ip_analytics | 12.1.0 – 12.1.5 | — |
| f5 | big-ip_analytics | 13.1.0 – 13.1.3 | — |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_application_acceleration_manager | 11.6.1 – 11.6.5 | — |
| f5 | big-ip_application_acceleration_manager | 12.1.0 – 12.1.5 | — |
| f5 | big-ip_application_acceleration_manager | 13.1.0 – 13.1.3 | — |
| f5 | big-ip_application_security_manager | 11.6.1 – 11.6.5 | — |
| f5 | big-ip_application_security_manager | 12.1.0 – 12.1.5 | — |
| f5 | big-ip_application_security_manager | 13.1.0 – 13.1.3 | — |
| f5 | big-ip_asm | — | — |
| f5 | big-ip_dns | — | — |
| f5 | big-ip_domain_name_system | 11.6.1 – 11.6.5 | — |
| f5 | big-ip_domain_name_system | 12.1.0 – 12.1.5 | — |
| f5 | big-ip_domain_name_system | 13.1.0 – 13.1.3 | — |