Fwd: [CIVN-2020-0272] Cross Site Scripting Vulnerability in F5 BIG-IP Products

1 year ago 85

Severity rating:  High

Software affected

F5 BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link

Controller, PEM) versions:

·         15.x versions 15.1.0 and 15.0.0

·         14.x versions from 14.1.0 to 14.1.2

·         13.x versions from 13.1.0 to 13.1.3

·         12.x versions from 12.1.0 to 12.1.5


A vulnerability has been reported in F5 BIG-IP products which could allow

an attacker to perform cross-site scripting attack on a targeted system.


This vulnerability exists in multiple BIG-IP products due to a flaw in

undisclosed pages of Traffic Management User Interface (TMUI), also

referred to as the Configuration utility. 

Successful exploitation of this vulnerability could allow the attacker to

run JavaScript in the context of the currently logged-in user. In case the

user has administrative privileges with access to the Advanced Shell

(bash), the attacker can completely compromise the targeted system.


Update to the fixed versions as mentioned in the F5 advisory

Vendor Information

F5 Networks



CVE Name


Read Entire Article