F5 has released security updates for the BIG-IP Application Delivery Controller, addressing a critical vulnerability (CVE-2020-5902) with a Common Vulnerability Scoring System (CVSS) score of 10 out of 10. An unauthenticated remote attacker could compromise the system by sending a specially crafted Hypertext Transfer Protocol (HTTP) request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute arbitrary code on the affected systems remotely.
The versions known to be vulnerable are:
- 11.6.1 - 11.6.5
- 12.1.0 - 12.1.5
- 13.1.0 - 13.1.3
- 14.1.0 - 14.1.2
- 15.1.0 and 15.0.0
Administrators and users of the affected versions are advised to install the latest security updates immediately.
More information is available at: