Back to KEVs

CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 06, 2020
Published Date: July 01, 2020
Last Updated: January 29, 2025
Vendor: n/a
Product: BIG-IP
Description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2020-07-07 11:31:31 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://support.f5.com/csp/article/K52145254 http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html https://www.kb.cert.org/vuls/id/290915 https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/ https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/ http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902 http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html https://swarm.ptsecurity.com/rce-in-f5-big-ip/ http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/f5_bigip_tmui_rce_cve_2020_5902.rb	2025-04-29 11:01:12 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-5902.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

f5_bigip_tmui_rce_cve_2020_5902

Type: metasploit • Created: Unknown

Metasploit module for CVE-2020-5902

amitlttwo/CVE-2020-5902

Type: github • Created: 2023-02-07 11:07:23 UTC • Stars: 1

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

z3n70/CVE-2020-5902

Type: github • Created: 2022-07-07 14:48:08 UTC • Stars: 2

BIGIP CVE-2020-5902 Exploit POC and automation scanning vulnerability

haisenberg/CVE-2020-5902

Type: github • Created: 2021-04-13 06:48:20 UTC • Stars: 1

Auto exploit RCE CVE-2020-5902

faisalfs10x/F5-BIG-IP-CVE-2020-5902-shodan-scanner

Type: github • Created: 2021-02-04 16:36:21 UTC • Stars: 1

simple bash script of F5 BIG-IP TMUI Vulnerability CVE-2020-5902 checker

murataydemir/CVE-2020-5902

Type: github • Created: 2020-08-13 08:27:25 UTC • Stars: 2

[CVE-2020-5902] F5 BIG-IP Remote Code Execution (RCE)

PushpenderIndia/CVE-2020-5902-Scanner

Type: github • Created: 2020-08-09 11:46:23 UTC • Stars: 13

Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3

corelight/CVE-2020-5902-F5BigIP

Type: github • Created: 2020-07-28 00:43:14 UTC • Stars: 4

A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.

rockmelodies/CVE-2020-5902-rce-gui

Type: github • Created: 2020-07-17 03:13:30 UTC • Stars: 8

GUI

Al1ex/CVE-2020-5902

Type: github • Created: 2020-07-11 14:01:08 UTC • Stars: 10

CVE-2020-5902

MrCl0wnLab/checker-CVE-2020-5902

Type: github • Created: 2020-07-10 07:00:35 UTC • Stars: 5

Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities.