CVE-2020-5902
Description
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Severity: CRITICAL
CVE ID: CVE-2020-5902
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2020-5902
Reference: Project Discovery GitHub
dwisiswant0
CVE-2020-5902
Reference: GitHub
aqhmal
Automated script for F5 BIG-IP scanner (CVE-2020-5902) using hosts retrieved from Shodan API.
Reference: GitHub
jas502n
CVE-2020-5902 BIG-IP
Reference: GitHub
ar0dd
POC code for checking for this vulnerability. Since the code has been released, I decided to release this one as well. Patch Immediately!
Reference: GitHub
yassineaboukir
Proof of concept for CVE-2020-5902
Reference: GitHub
rwincey
Reference: GitHub
un4gi
Proof of Concept for CVE-2020-5902
Reference: GitHub
nsflabs
Reference: GitHub
yasserjanah
exploit code for F5-Big-IP (CVE-2020-5902)
Reference: GitHub
JSec1337
BIG-IP F5 Remote Code Execution
Reference: GitHub
dunderhay
Python script to exploit F5 Big-IP CVE-2020-5902
Reference: GitHub
r0ttenbeef
cve-2020-5902 POC exploit
Reference: GitHub
sv3nbeast
Reference: GitHub
cybersecurityworks553
CVE-2020-5902 scanner
Reference: GitHub
lijiaxing1997
Batch scanning for CVE-2020-5902, remote code execution, tested
Reference: GitHub
qlkwej
dummy poc
Reference: GitHub
Zinkuth
Reference: GitHub
0xAbdullah
Python script to check CVE-2020-5902 (F5 BIG-IP devices).
Reference: GitHub
jinnywc
CVE-2020-5902
Reference: GitHub
GoodiesHQ
Patch F5 appliance CVE-2020-5902
Reference: GitHub
jiansiting
F5 BIG-IP Scanner (CVE-2020-5902)
Reference: GitHub
wdlid
Fix CVE-2020-5902
Reference: GitHub
Any3ite
Reference: GitHub
k3nundrum
Reference: GitHub
inho28
Scan from a given list for F5 BIG-IP and check for CVE-2020-5902
Reference: GitHub
cristiano-corrado
F5 mass scanner and CVE-2020-5902 checker
Reference: GitHub
ajdumanhug
POC
Reference: GitHub
zhzyker
F5 BIG-IP arbitrary file read + remote command execution (RCE)
Reference: GitHub
GovindPalakkal
It is a small script to fetch out the subdomains/ip vulnerable to CVE-2020-5902 written in bash
Reference: GitHub
dnerzker
Reference: GitHub
renanhsilva
A powershell script to check vulnerability CVE-2020-5902 of ip list
Reference: GitHub
halencarjunior
F5 BIG IP Scanner for CVE-2020-5902
Reference: GitHub
deepsecurity-pe
Script to validate CVE-2020-5902, written in Go.
Reference: GitHub
Shu1L
Reference: GitHub
d4rk007
F5 Big-IP CVE-2020-5902 mass exploiter/fuzzer.
Reference: GitHub
TheCyberViking
Simple Vulnerability Checker Wrote by me "@TheCyberViking" and A fellow Researcher who wanted to be left Nameless... you know who you are you beautiful bitch
Reference: GitHub
itsjeffersonli
Exploits for CVE-2020-5902 POC
Reference: GitHub
MrCl0wnLab
Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities.
Reference: GitHub
qiong-qi
Batch detection of CVE-2020-5902
Reference: GitHub
theLSA
F5 BIG-IP RCE CVE-2020-5902 automatic check tool
Reference: GitHub
Al1ex
CVE-2020-5902
Reference: GitHub
freeFV
Reference: GitHub
momika233
Reference: GitHub
rockmelodies
GUI
Reference: GitHub
5l1v3r1
Mass exploit for CVE-2020-5902
Reference: GitHub
f5devcentral
Reference: GitHub
corelight
A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.
Reference: GitHub
PushpenderIndia
Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3
Reference: GitHub
murataydemir
[CVE-2020-5902] F5 BIG-IP Remote Code Execution (RCE)
Reference: GitHub
superzerosec
Reference: GitHub
ludy-dev
(CVE-2020-5902) BIG IP F5 TMUI RCE Vulnerability RCE PoC/ Test Script
Reference: GitHub
faisalfs10x
simple bash script of F5 BIG-IP TMUI Vulnerability CVE-2020-5902 checker
Reference: GitHub
haisenberg
Auto exploit RCE CVE-2020-5902
Reference: GitHub
west9b
CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC collection
Reference: GitHub
z3n70
BIGIP CVE-2020-5902 Exploit POC and automation scanning vulnerability
Reference: GitHub
34zY
cve-2019-11510, cve-2019-19781, cve-2020-5902, cve-2021-1497, cve-2021-20090, cve-2021-22006, cve-2021-22205, cve-2021-26084, cve-2021-26855, cve-2021-26857, cve-2021–26857, cve-2021–26858, cve-2021–26865
Reference: GitHub
amitlttwo
Reference: GitHub
Content on GitHub
zhzyker | watchers:4026
exphub
Exphub [exploit script library]: includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss, and Drupal; most recently added: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
Reference: GitHub