cbcvebase.
CVE-2020-5948
published 2020-12-11

CVE-2020-5948: On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl…

critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.

Affected

144 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager>= 11.6.1 < 11.6.5.311.6.5.3
f5big-ip_access_policy_manager>= 12.1.0 < 12.1.5.312.1.5.3
f5big-ip_access_policy_manager>= 13.1.0 < 13.1.3.613.1.3.6
f5big-ip_access_policy_manager>= 13.1.0 < 13.1.3.513.1.3.5
f5big-ip_access_policy_manager>= 14.1.0 < 14.1.414.1.4
f5big-ip_access_policy_manager>= 14.1.0 < 14.1.2.814.1.2.8
f5big-ip_access_policy_manager>= 15.0.0 < 15.1.115.1.1
f5big-ip_access_policy_manager>= 15.1.0 < 15.1.2.115.1.2.1
f5big-ip_access_policy_manager>= 16.0.0 < 16.0.1.116.0.1.1
f5big-ip_advanced_firewall_manager
f5big-ip_advanced_firewall_manager>= 11.6.1 < 11.6.5.311.6.5.3
f5big-ip_advanced_firewall_manager>= 12.1.0 < 12.1.5.312.1.5.3
f5big-ip_advanced_firewall_manager>= 13.1.0 < 13.1.3.613.1.3.6
f5big-ip_advanced_firewall_manager>= 13.1.0 < 13.1.3.513.1.3.5
f5big-ip_advanced_firewall_manager>= 14.1.0 < 14.1.414.1.4
f5big-ip_advanced_firewall_manager>= 14.1.0 < 14.1.2.814.1.2.8
f5big-ip_advanced_firewall_manager>= 15.0.0 < 15.1.115.1.1
f5big-ip_advanced_firewall_manager>= 15.1.0 < 15.1.2.115.1.2.1
f5big-ip_advanced_firewall_manager>= 16.0.0 < 16.0.1.116.0.1.1
f5big-ip_advanced_waf
f5big-ip_advanced_web_application_firewall>= 11.6.1 < 11.6.5.311.6.5.3
f5big-ip_advanced_web_application_firewall>= 12.1.0 < 12.1.5.312.1.5.3