The Traffic Management User Interface (TMUI), also known as the Configuration Utility, is susceptible to a remote code execution vulnerability (CVE-2020-5902). Proof-of-concept exploit code is already circulating, which means the vulnerability has already been exploited. There is therefore an urgent need to take action.

Which systems are affected?

The vulnerability affects all BIG-IP systems up to and including version 15.x. Version 16.x is not affected.

      

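Product: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, AWAF, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)

| Ver. | Vulnerable versions | Resolved in | Criticality | CVSSv3 score |
|------|---------------------|-------------|----------------|--------------|
| 16.x | None | 16.0.0 | Not vulnerable | None |
| 15.x | 15.0.0 - 15.1.0 | 15.1.0.4 | Critical | 10.0 |
| 14.x | 14.1.0 - 14.1.2 | 14.1.2.6 | Critical | 10.0 |
| 13.x | 13.1.0 - 13.1.3 | 13.1.3.4 | Critical | 10.0 |
| 12.x | 12.1.0 - 12.1.5 | 12.1.5.2 | Critical | 10.0 |
| 11.x | 11.6.1 - 11.6.5 | 11.6.5.2 | Critical | 10.0 |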
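To triage an inventory against the table above, the following added example (not F5 code and not part of the original advisory) compares four-part version strings with the three-part ranges and the "Resolved in" releases. The hostnames and versions in `SAMPLE` are constructed, and the function names are hypothetical.

```python
# Added example: version triage against the advisory table (not F5 code).
# branch -> (first vulnerable, last vulnerable, resolved in), copied from the table
ADVISORY = {
    15: ("15.0.0", "15.1.0", "15.1.0.4"),
    14: ("14.1.0", "14.1.2", "14.1.2.6"),
    13: ("13.1.0", "13.1.3", "13.1.3.4"),
    12: ("12.1.0", "12.1.5", "12.1.5.2"),
    11: ("11.6.1", "11.6.5", "11.6.5.2"),
}

def parse(version):
    """'15.1.0.3' -> (15, 1, 0, 3); shorter versions are zero-padded to four parts."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return parts + (0,) * (4 - len(parts))

def triage(version):
    """Return (status, resolved_in) for one BIG-IP version string."""
    v = parse(version)
    if v[0] == 16:
        return ("not vulnerable", None)
    if v[0] not in ADVISORY:
        return ("not listed", None)
    first, last, fixed = ADVISORY[v[0]]
    if v >= parse(fixed):
        return ("fixed", None)
    # The table gives three-part ranges, so compare on the first three parts:
    # 15.1.0.3 belongs to 15.1.0 and is still below the 15.1.0.4 fix.
    if parse(first)[:3] <= v[:3] <= parse(last)[:3]:
        return ("vulnerable", fixed)
    return ("not listed", None)

def report(inventory):
    """Triage a {hostname: version} mapping; vulnerable hosts sort first."""
    rows = [(host, ver, *triage(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (r[2] != "vulnerable", r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "lb-edge-01": "15.1.0.3", "lb-edge-02": "15.1.0.4",
    "lb-dc-01": "14.1.2", "lb-dc-02": "13.0.0", "lb-lab-01": "16.0.0",
}

if __name__ == "__main__":
    for host, ver, status, fix in report(SAMPLE):
        print(f"{host:12} {ver:10} {status:15} {'upgrade to ' + fix if fix else ''}")
```

A "not listed" result means the release falls outside the ranges printed in the table, not that it is safe; check such systems against the F5 Knowledge Base article.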

How can you protect yourself?

Install the corresponding security updates as soon as possible.

If the Traffic Management User Interface could be accessed from the internet, there is a very high probability that the system has already been compromised. The F5 Knowledge Base article about this vulnerability (Indications of Compromise) provides additional information on how to detect a compromise. If there is any uncertainty, the affected system should be reset. More information can be found in the F5 article Considerations and guidance when you suspect a security compromise on a BIG-IP system.