CVE-2020-27719

Published: Dic 24, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-20223 Aliases: GSD-2020-27719

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

MEDIUM 4,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0047

Percentile

0,6th

Updated

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Application

Big-Ip Fraud Protection Service by F5

Product Information

Vendor F5

Product Big-Ip Fraud Protection Service

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Advanced Firewall Manager by F5

Product Information

Vendor F5

Product Big-Ip Advanced Firewall Manager

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Link Controller by F5

Product Information

Vendor F5

Product Big-Ip Link Controller

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Ssl Orchestrator by F5

Product Information

Vendor F5

Product Ssl Orchestrator

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Link Controller by F5

Product Information

Vendor F5

Product Big-Ip Link Controller

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Global Traffic Manager by F5

Product Information

Vendor F5

Product Big-Ip Global Traffic Manager

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Access Policy Manager by F5

Product Information

Vendor F5

Product Big-Ip Access Policy Manager

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Analytics by F5

Product Information

Vendor F5

Product Big-Ip Analytics

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Ddos Hybrid Defender by F5

Product Information

Vendor F5

Product Big-Ip Ddos Hybrid Defender

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Application Acceleration Manager by F5

Product Information

Vendor F5

Product Big-Ip Application Acceleration Manager

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Ssl Orchestrator by F5

Product Information

Vendor F5

Product Ssl Orchestrator

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Link Controller by F5

Product Information

Vendor F5

Product Big-Ip Link Controller

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Access Policy Manager by F5

Product Information

Vendor F5

Product Big-Ip Access Policy Manager

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Analytics by F5

Product Information

Vendor F5

Product Big-Ip Analytics

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Local Traffic Manager by F5

Product Information

Vendor F5

Product Big-Ip Local Traffic Manager

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Fraud Protection Service by F5

Product Information

Vendor F5

Product Big-Ip Fraud Protection Service

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Local Traffic Manager by F5

Product Information

Vendor F5

Product Big-Ip Local Traffic Manager

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Application Acceleration Manager by F5

Product Information

Vendor F5

Product Big-Ip Application Acceleration Manager

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Policy Enforcement Manager by F5

Product Information

Vendor F5

Product Big-Ip Policy Enforcement Manager

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Domain Name System by F5

Product Information

Vendor F5

Product Big-Ip Domain Name System

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Advanced Firewall Manager by F5

Product Information

Vendor F5

Product Big-Ip Advanced Firewall Manager

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Fraud Protection Service by F5

Product Information

Vendor F5

Product Big-Ip Fraud Protection Service

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Domain Name System by F5

Product Information

Vendor F5

Product Big-Ip Domain Name System

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Application Security Manager by F5

Product Information

Vendor F5

Product Big-Ip Application Security Manager

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Application Security Manager by F5

Product Information

Vendor F5

Product Big-Ip Application Security Manager

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Ssl Orchestrator by F5

Product Information

Vendor F5

Product Ssl Orchestrator

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:ssl_orchestrator:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Policy Enforcement Manager by F5

Product Information

Vendor F5

Product Big-Ip Policy Enforcement Manager

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Global Traffic Manager by F5

Product Information

Vendor F5

Product Big-Ip Global Traffic Manager

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Advanced Firewall Manager by F5

Product Information

Vendor F5

Product Big-Ip Advanced Firewall Manager

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Local Traffic Manager by F5

Product Information

Vendor F5

Product Big-Ip Local Traffic Manager

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Domain Name System by F5

Product Information

Vendor F5

Product Big-Ip Domain Name System

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Advanced Web Application Firewall by F5

Product Information

Vendor F5

Product Big-Ip Advanced Web Application Firewall

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Application Security Manager by F5

Product Information

Vendor F5

Product Big-Ip Application Security Manager

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Access Policy Manager by F5

Product Information

Vendor F5

Product Big-Ip Access Policy Manager

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Ddos Hybrid Defender by F5

Product Information

Vendor F5

Product Big-Ip Ddos Hybrid Defender

Version Range Affected

From 14.1.0 (inclusive)

To 14.1.3.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Application Acceleration Manager by F5

Product Information

Vendor F5

Product Big-Ip Application Acceleration Manager

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Policy Enforcement Manager by F5

Product Information

Vendor F5

Product Big-Ip Policy Enforcement Manager

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Ddos Hybrid Defender by F5

Product Information

Vendor F5

Product Big-Ip Ddos Hybrid Defender

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Global Traffic Manager by F5

Product Information

Vendor F5

Product Big-Ip Global Traffic Manager

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Analytics by F5

Product Information

Vendor F5

Product Big-Ip Analytics

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Advanced Web Application Firewall by F5

Product Information

Vendor F5

Product Big-Ip Advanced Web Application Firewall

Version Range Affected

From 15.0.0 (inclusive)

To 15.1.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Big-Ip Advanced Web Application Firewall by F5

Product Information

Vendor F5

Product Big-Ip Advanced Web Application Firewall

Version Range Affected

From 16.0.0 (inclusive)

To 16.0.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://support.f5.com/csp/article/K19166530

Vendor Advisory

https://support.f5.com/csp/article/K19166530

Vendor Advisory

https://support.f5.com/csp/article/K19166530