In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K82518062 | Vendor Advisory |
https://www.kb.cert.org/vuls/id/290915 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2020-07-01T14:33:20
Updated: 2020-07-08T21:06:12
Reserved: 2020-01-06T00:00:00
Link: CVE-2020-5906
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-01T15:15:15.673
Modified: 2023-01-27T16:38:01.903
Link: CVE-2020-5906
JSON object: View
Redhat Information
No data.
CWE