CVE-2020-5950

On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.

Published: Dec 11, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-5950
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
f5 / big-ip_advanced_firewall_manager	14.1.0	14.1.2.7

https://support.f5.com/csp/article/K05204103
https://support.f5.com/csp/article/K42696541

Vulnerability Database

290,020

CVE-2020-5950