Authentication Bypass Vulnerability in NGINX Controller's Messaging Service
CVE-2020-5910

7.5HIGH

Key Information:

Vendor: F5
Status: Nginx Controller
Vendor: CVE Published:; 2 July 2020

What is CVE-2020-5910?

The Neural Autonomic Transport System (NATS) messaging service in NGINX Controller versions 1.0.1, 2.0.0-2.9.0, and 3.0.0-3.5.0 lacks adequate authentication mechanisms, allowing unauthorized users to establish connections. This loophole can be exploited by attackers to gain access to sensitive data and perform unauthorized actions without proper credentials, raising significant concerns regarding the overall security of systems leveraging this product.

Affected Version(s)

NGINX Controller 3.0.0-3.5.0, 2.0.0-2.9.0, 1.0.1

References

https://support.f5.com/csp/article/K59209532

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Jan 6, 2020

F5

What is CVE-2020-5910?

Affected Version(s)

References

CVSS V3.1

Timeline