CVSS 3.1 Score 9.8 of 10 (high)


Published Jul 1, 2020
Updated: Nov 14, 2023


CVE-2020-5902 is a Critical vulnerability that affects various versions of the BIG-IP Traffic Management User Interface (TMUI) in F5 Networks' BIG-IP products. This Remote Code Execution (RCE) vulnerability exists in undisclosed pages and has a base severity score of 9.8 out of 10. The vulnerability has a high impact on both confidentiality and integrity, with no privileges required or user interaction necessary for exploitation. It is classified as CWE-22, indicating an improper limitation of a pathname to a restricted directory (Path Traversal). The exploitability score is 3.9 out of 10, and the attack vector is through the network. Organizations using affected versions should apply the necessary updates and patches provided by F5 Networks to remediate this vulnerability promptly. Failure to do so may result in potential unauthorized remote code execution, leading to significant harm to an organization's infrastructure and data security.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2020-5902 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options