CVE-2020-5906
First published: Wed Jul 01 2020(Updated: )
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Access Policy Manager | >=11.6.1<=11.6.5 | |
| F5 BIG-IP Access Policy Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.3 | |
| F5 BIG-IP Advanced Firewall Manager | >=11.6.1<=11.6.5 | |
| F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Advanced Firewall Manager | >=13.1.0<=13.1.3 | |
| F5 BIG-IP Analytics | >=11.6.1<=11.6.5 | |
| F5 BIG-IP Analytics | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Analytics | >=13.1.0<=13.1.3 | |
| F5 Big-ip Application Acceleration Manager | >=11.6.1<=11.6.5 | |
| F5 Big-ip Application Acceleration Manager | >=12.1.0<=12.1.5 | |
| F5 Big-ip Application Acceleration Manager | >=13.1.0<=13.1.3 | |
| F5 BIG-IP Application Security Manager | >=11.6.1<=11.6.5 | |
| F5 BIG-IP Application Security Manager | >=12.1.0<=12.1.5 | |
| F5 BIG-IP Application Security Manager | >=13.1.0<=13.1.3 | |
| F5 Big-ip Domain Name System | >=11.6.1<=11.6.5 | |
| F5 Big-ip Domain Name System | >=12.1.0<=12.1.5 | |
| F5 Big-ip Domain Name System | >=13.1.0<=13.1.3 | |
| F5 Big-ip Fraud Protection Service | >=11.6.1<=11.6.5 | |
| F5 Big-ip Fraud Protection Service | >=12.1.0<=12.1.5 | |
| F5 Big-ip Fraud Protection Service | >=13.1.0<=13.1.3 | |
| F5 Big-ip Global Traffic Manager | >=11.6.1<=11.6.5 | |
| F5 Big-ip Global Traffic Manager | >=12.1.0<=12.1.5 | |
| F5 Big-ip Global Traffic Manager | >=13.1.0<=13.1.3 | |
| F5 Big-ip Link Controller | >=11.6.1<=11.6.5 | |
| F5 Big-ip Link Controller | >=12.1.0<=12.1.5 | |
| F5 Big-ip Link Controller | >=13.1.0<=13.1.3 | |
| F5 Big-ip Local Traffic Manager | >=11.6.1<=11.6.5 | |
| F5 Big-ip Local Traffic Manager | >=12.1.0<=12.1.5 | |
| F5 Big-ip Local Traffic Manager | >=13.1.0<=13.1.3 | |
| F5 Big-ip Policy Enforcement Manager | >=11.6.1<=11.6.5 | |
| F5 Big-ip Policy Enforcement Manager | >=12.1.0<=12.1.5 | |
| F5 Big-ip Policy Enforcement Manager | >=13.1.0<=13.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- agent/severity
- agent/author
- agent/references
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/f5
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/11.6.1
- version/f5 big-ip access policy manager/11.6.5
- version/f5 big-ip access policy manager/12.1.0
- version/f5 big-ip access policy manager/12.1.5
- version/f5 big-ip access policy manager/13.1.0
- version/f5 big-ip access policy manager/13.1.3
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/11.6.1
- version/f5 big-ip advanced firewall manager/11.6.5
- version/f5 big-ip advanced firewall manager/12.1.0
- version/f5 big-ip advanced firewall manager/12.1.5
- version/f5 big-ip advanced firewall manager/13.1.0
- version/f5 big-ip advanced firewall manager/13.1.3
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/11.6.1
- version/f5 big-ip analytics/11.6.5
- version/f5 big-ip analytics/12.1.0
- version/f5 big-ip analytics/12.1.5
- version/f5 big-ip analytics/13.1.0
- version/f5 big-ip analytics/13.1.3
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/11.6.1
- version/f5 big-ip application acceleration manager/11.6.5
- version/f5 big-ip application acceleration manager/12.1.0
- version/f5 big-ip application acceleration manager/12.1.5
- version/f5 big-ip application acceleration manager/13.1.0
- version/f5 big-ip application acceleration manager/13.1.3
- canonical/f5 big-ip application security manager
- version/f5 big-ip application security manager/11.6.1
- version/f5 big-ip application security manager/11.6.5
- version/f5 big-ip application security manager/12.1.0
- version/f5 big-ip application security manager/12.1.5
- version/f5 big-ip application security manager/13.1.0
- version/f5 big-ip application security manager/13.1.3
- canonical/f5 big-ip domain name system
- version/f5 big-ip domain name system/11.6.1
- version/f5 big-ip domain name system/11.6.5
- version/f5 big-ip domain name system/12.1.0
- version/f5 big-ip domain name system/12.1.5
- version/f5 big-ip domain name system/13.1.0
- version/f5 big-ip domain name system/13.1.3
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/11.6.1
- version/f5 big-ip fraud protection service/11.6.5
- version/f5 big-ip fraud protection service/12.1.0
- version/f5 big-ip fraud protection service/12.1.5
- version/f5 big-ip fraud protection service/13.1.0
- version/f5 big-ip fraud protection service/13.1.3
- canonical/f5 big-ip global traffic manager
- version/f5 big-ip global traffic manager/11.6.1
- version/f5 big-ip global traffic manager/11.6.5
- version/f5 big-ip global traffic manager/12.1.0
- version/f5 big-ip global traffic manager/12.1.5
- version/f5 big-ip global traffic manager/13.1.0
- version/f5 big-ip global traffic manager/13.1.3
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/11.6.1
- version/f5 big-ip link controller/11.6.5
- version/f5 big-ip link controller/12.1.0
- version/f5 big-ip link controller/12.1.5
- version/f5 big-ip link controller/13.1.0
- version/f5 big-ip link controller/13.1.3
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/11.6.1
- version/f5 big-ip local traffic manager/11.6.5
- version/f5 big-ip local traffic manager/12.1.0
- version/f5 big-ip local traffic manager/12.1.5
- version/f5 big-ip local traffic manager/13.1.0
- version/f5 big-ip local traffic manager/13.1.3
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/11.6.1
- version/f5 big-ip policy enforcement manager/11.6.5
- version/f5 big-ip policy enforcement manager/12.1.0
- version/f5 big-ip policy enforcement manager/12.1.5
- version/f5 big-ip policy enforcement manager/13.1.0
- version/f5 big-ip policy enforcement manager/13.1.3