CVE-2020-5863

8.6HIGH

Key Information:

Vendor: F5
Status: Nginx Controller
Vendor: CVE Published:; 27 March 2020

Summary

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

Affected Version(s)

NGINX Controller 3.0.0-3.1.0, 2.0.0-2.9.0, 1.0.1

References

https://support.f5.com/csp/article/K14631834

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20200430-0005/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2020
Vulnerability Reserved
Jan 6, 2020