CVE-2020-5906
HIGH
BIG-IP <13.1.3.3, 12.1.5.2, 11.6.5.2 - Privilege Escalation
Title source: llm
Description
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K82518062
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/290915
Scores
CVSS v3
8.1
EPSS
0.0013
EPSS Percentile
32.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-276
Status
published
Products (11)
f5/big-ip_access_policy_manager
11.6.1 - 11.6.5
f5/big-ip_advanced_firewall_manager
11.6.1 - 11.6.5
f5/big-ip_analytics
11.6.1 - 11.6.5
f5/big-ip_application_acceleration_manager
11.6.1 - 11.6.5
f5/big-ip_application_security_manager
11.6.1 - 11.6.5
f5/big-ip_domain_name_system
11.6.1 - 11.6.5
f5/big-ip_fraud_protection_service
11.6.1 - 11.6.5
f5/big-ip_global_traffic_manager
11.6.1 - 11.6.5
f5/big-ip_link_controller
11.6.1 - 11.6.5
f5/big-ip_local_traffic_manager
11.6.1 - 11.6.5
... and 1 more
Published
Jul 01, 2020
Tracked Since
Feb 18, 2026