CVE-2020-5863

Published: Mar 27, 2020Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploitability: 3.9 / Impact: 4.7

Source: NVD

Description

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

Affected (4)

Products: F5: Nginx Controller · Netapp: Cloud Backup

1 product

Nginx Controller

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
F5 Nginx Controller	From 2.0.0 to 2.9.0
F5 Nginx Controller	From 3.0.0 to 3.2.0
F5 Nginx Controller	Version 1.0.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Cloud Backup	All versions

References (4)

https://security.netapp.com/advisory/ntap-20200430-0005/

Source: f5sirt@f5.com

Third Party Advisory

https://support.f5.com/csp/article/K14631834

Source: f5sirt@f5.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20200430-0005/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K14631834

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.