Authentication Bypass Vulnerability in NGINX Controller's Messaging Service
CVE-2020-5910

7.5HIGH

Key Information:

Vendor: F5
Status: Nginx Controller
Vendor: CVE Published:; 2 July 2020

Summary

The Neural Autonomic Transport System (NATS) messaging service in NGINX Controller versions 1.0.1, 2.0.0-2.9.0, and 3.0.0-3.5.0 lacks adequate authentication mechanisms, allowing unauthorized users to establish connections. This loophole can be exploited by attackers to gain access to sensitive data and perform unauthorized actions without proper credentials, raising significant concerns regarding the overall security of systems leveraging this product.

Affected Version(s)

NGINX Controller 3.0.0-3.5.0, 2.0.0-2.9.0, 1.0.1

References

https://support.f5.com/csp/article/K59209532

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Jan 6, 2020