{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-042.pdf"
    },
    "title": "XSS Vulnerability in F5 BIG-IP",
    "serial_number": "2020-042",
    "publish_date": "28-08-2020 10:49:00",
    "description": "An HTML-injection vulnerability (CVE-2020-5915) has been discovered affecting multiple F5 BIG-IP Products. Insufficient sanitisation of user input in Traffic Management User Interface (TMUI) or Configuration Utility component can potentially allow an attacker to execute arbitrary commands.",
    "url_title": "2020-042",
    "content_markdown": "---\ntitle: 'XSS Vulnerability in F5 BIG-IP'\nversion: '1.0'\nnumber: '2020-042'\ndate: 'August 28, 2020'\n---\n\n_History:_\n\n* _28/08/2020 --- v1.0 -- Initial publication_\n\n# Summary\n\nAn HTML-injection vulnerability (CVE-2020-5915) has been discovered affecting multiple F5 BIG-IP Products [1]. Insufficient sanitisation of user input in _Traffic Management User Interface (TMUI)_ or _Configuration Utility_ component can potentially allow an attacker to execute arbitrary commands [2].\n\n# Technical Details\n\nAn attacker with _Resource Administrator_ or _Administrator_ privileges may exploit the vulnerability to inject HTML or JavaScript code into a vulnerable section of the application. For a logged in user -- while viewing the affected section -- the injected code is rendered. Theoretically, the attacker can steal cookie-based authentication credentials and control how the site is rendered to the user. More client side attack technics and impact may also be observed.\n\nCurrently, there is not known proof of concept or exploits.\n\n# Products Affected\n\nAccording to the vendor the following products of BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) are affected:\n\n- 15.0.0 - 15.1.0,\n- 14.0.0 - 14.1.2,\n- 13.1.0 - 13.1.3,\n- 12.1.0 - 12.1.5,\n- 11.5.2 - 11.6.4.\n\n# Recommendations\n\nThe vendor and CERT-EU recommend to upgrade a vulnerable software to a respective version as shown below [2]:\n\n- 15.1.0.5,\n- 15.0.1.4,\n- 14.1.2.4,\n- 13.1.3.4,\n- 12.1.5.2,\n- 11.6.5.2.\n\n\n## Workarounds\n\nSecure access to the BIG-IP system to ensure that the TMUI is only accessible by trusted users.\n\nAs a best practice, run all software as a non-privileged user with minimal access rights. This may limit the immediate consequences of client-side vulnerabilities.\n\n# References\n\n[1] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5915>\n\n[2] <https://support.f5.com/csp/article/K57214921>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>28/08/2020 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>An HTML-injection vulnerability (CVE-2020-5915) has been discovered affecting multiple F5 BIG-IP Products [1]. Insufficient sanitisation of user input in <em>Traffic Management User Interface (TMUI)</em> or <em>Configuration Utility</em> component can potentially allow an attacker to execute arbitrary commands [2].</p><h2 id=\"technical-details\">Technical Details</h2><p>An attacker with <em>Resource Administrator</em> or <em>Administrator</em> privileges may exploit the vulnerability to inject HTML or JavaScript code into a vulnerable section of the application. For a logged in user -- while viewing the affected section -- the injected code is rendered. Theoretically, the attacker can steal cookie-based authentication credentials and control how the site is rendered to the user. More client side attack technics and impact may also be observed.</p><p>Currently, there is not known proof of concept or exploits.</p><h2 id=\"products-affected\">Products Affected</h2><p>According to the vendor the following products of BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) are affected:</p><ul><li>15.0.0 - 15.1.0,</li><li>14.0.0 - 14.1.2,</li><li>13.1.0 - 13.1.3,</li><li>12.1.0 - 12.1.5,</li><li>11.5.2 - 11.6.4.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>The vendor and CERT-EU recommend to upgrade a vulnerable software to a respective version as shown below [2]:</p><ul><li>15.1.0.5,</li><li>15.0.1.4,</li><li>14.1.2.4,</li><li>13.1.3.4,</li><li>12.1.5.2,</li><li>11.6.5.2.</li></ul><h3 id=\"workarounds\">Workarounds</h3><p>Secure access to the BIG-IP system to ensure that the TMUI is only accessible by trusted users.</p><p>As a best practice, run all software as a non-privileged user with minimal access rights. This may limit the immediate consequences of client-side vulnerabilities.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5915\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5915</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.f5.com/csp/article/K57214921\">https://support.f5.com/csp/article/K57214921</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}