NGINX Controller Agent Vulnerability Affecting F5 Networks
CVE-2020-27730

9.8CRITICAL

Key Information:

Vendor: F5
Status: Nginx Controller
Vendor: CVE Published:; 11 December 2020

Summary

The NGINX Controller Agent versions 3.0.0 to 3.9.0, 2.0.0 to 2.9.0, and 1.0.1 contain a vulnerability due to the usage of relative paths when invoking system utilities. This can lead to security risks where unauthorized users might exploit this behavior to execute commands or scripts, potentially compromising system integrity. It is crucial for users to update to secured versions to mitigate these risks.

Affected Version(s)

NGINX Controller 3.0.0-3.9.0, 2.0.0-2.9.0, 1.0.1

References

https://support.f5.com/csp/article/K43530108

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20210115-0004/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2020
Vulnerability Reserved
Oct 26, 2020