CVE-2020-5950
MEDIUMBIG-IP 14.1.0-14.1.2.6 - Reflected Cross-Site Scripting in iControl REST Undisclosed Endpoints
Title source: llmDescription
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
References (2)
Core 2
Core References
Not Applicable x_refsource_confirm
https://support.f5.com/csp/article/K42696541
Vendor Advisory
https://support.f5.com/csp/article/K05204103
Scores
CVSS v3
5.3
EPSS
0.0081
EPSS Percentile
74.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-79
Status
published
Products (1)
f5/big-ip_advanced_firewall_manager
14.1.0 - 14.1.2.7
Published
Dec 11, 2020
Tracked Since
Feb 18, 2026