image credit: pixabay
The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product’s Traffic Management User Interface (TMUI) configuration utility to obtain credentials and other sensitive data, intercept traffic, and execute arbitrary code or commands, resulting in the system getting completely compromised.
The issue was disclosed on July 1. At the time of disclosure, Positive Technologies, whose employees have been credited for reporting the vulnerability to F5, estimated that there had been thousands of vulnerable devices exposed to the internet, including many in the United States.
Comments are closed.
