Datashield is aware of a recent vulnerability [CVE-2020-5902] and it has been published for the following F5 products: BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM)

This vulnerability affects the Traffic Management User Interface (TMUI), also known as the configuration utility. This is a unauthenticated Remote Code Execution (RCE) vulnerability that allows attackers to execute system commands, create or delete files, disable services, and execute java code. This CVE was rated as a 10 on the CSVSv3 scale. We recommend immediate patching to ensure the vulnerability isn’t leveraged in any attack against your network.

The vulnerable versions, their subsequent hotfixes, and a more granular review of the vulnerability can be found using the link provided below.

https://support.f5.com/csp/article/K52145254

Datashield performed a preliminary scan against the external networks that we had on file, looking for any exposed management interfaces and found none. However, we do want to recommend patching and having your admins ensure that the TMUI is not exposed to the internet. There is also currently no known POC (proof of concept) for this vulnerability.

If you have any questions regarding this vulnerability, please contact us.