CVE-2020-5910

7.5HIGH

Key Information:

Vendor: F5
Status: Nginx Controller
Vendor: CVE Published:; 2 July 2020

Summary

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.

Affected Version(s)

NGINX Controller 3.0.0-3.5.0, 2.0.0-2.9.0, 1.0.1

References

https://support.f5.com/csp/article/K59209532

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Jan 6, 2020