The vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC) is tracked as CVE-2020-5902 and it was disclosed last week by the vendor and Positive Technologies, the cybersecurity company whose researchers identified the issue. F5 has released patches and organizations have been advised to apply them immediately.
The security hole has been described as a critical remote code execution vulnerability that can be exploited to take complete control of a system. The issue is related to the Traffic Management User Interface (TMUI) configuration utility. An attacker who has access to this utility can exploit the weakness to create or delete files, disable services, intercept data, and run arbitrary code or commands.