CVE-2020-5863
First published: Fri Mar 27 2020(Updated: )
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 NGINX Controller API Management | >=2.0.0<=2.9.0 | |
| F5 NGINX Controller API Management | >=3.0.0<3.2.0 | |
| F5 NGINX Controller API Management | =1.0.1 | |
| NetApp Cloud Backup |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5863?
CVE-2020-5863 is considered a moderate severity vulnerability due to its ability to create unprivileged user accounts.
How do I fix CVE-2020-5863?
To mitigate CVE-2020-5863, upgrade to NGINX Controller version 3.2.0 or later.
Who is affected by CVE-2020-5863?
CVE-2020-5863 affects NGINX Controller versions prior to 3.2.0.
What can an attacker do with CVE-2020-5863?
An unauthenticated attacker can create unprivileged user accounts that can only upload a new license.
Is there a workaround for CVE-2020-5863?
There is no official workaround for CVE-2020-5863 other than upgrading to an unaffected version.
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 nginx controller api management
- version/f5 nginx controller api management/2.0.0
- version/f5 nginx controller api management/2.9.0
- version/f5 nginx controller api management/3.0.0
- version/f5 nginx controller api management/1.0.1
- vendor/netapp
- canonical/netapp cloud backup