{"vulnerability": "cve-2020-5948", "sightings": [{"uuid": "36a520e3-5762-441a-86bd-591a88db666d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20503", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:54:33.000000Z"}, {"uuid": "e25a8eaa-cd81-48a3-8146-21e99ea5d6b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20576", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T00:45:47.000000Z"}, {"uuid": "d37ecd2a-9b34-4e58-adc0-de3361f9223d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20635", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for 
a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T02:25:20.000000Z"}, {"uuid": "f6bfae2f-395e-4be2-9178-97c4583d0f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20523", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T23:25:28.000000Z"}, {"uuid": "3bdbd81d-d79b-4885-a53f-e56a63f0e0ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20543", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T00:25:28.000000Z"}, {"uuid": "cde784ff-398d-4af9-8016-1e1a73f5ff62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20615", "content": 
"\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T01:25:14.000000Z"}, {"uuid": "a0bf591c-4fdb-4fd7-8651-53486f4ac9de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20595", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T01:05:06.000000Z"}, {"uuid": "198cbcc1-8d48-4968-8747-94c12feb6f2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20556", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T00:35:54.000000Z"}, {"uuid": "b209ef39-66bc-4115-befb-e6111a5d2a12", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/cibsecurity/20484", "content": "\u203c CVE-2020-5948 \u203c\n\nOn BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:39:00.000000Z"},
{"uuid": "71b0bc82-5b37-416f-8504-e8a26d11557d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/CyberSecurityIL/513", "content": "National Cyber Directorate:\n\nVulnerability in F5's BIG-IP product.\n\nGreetings,\n\n1. F5 recently published a security advisory for a critical vulnerability discovered in the BIG-IP equipment it manufactures.\n\n2. The vulnerability (CVE-2020-5948) could allow a Reflected XSS attack against the management interface, by means of an undisclosed vulnerability in iControl REST.\n\n3. If the attacked user has administrator privileges, the attack could allow the attacker to take full control of the equipment.", "creation_timestamp": "2020-12-21T16:05:56.000000Z"},
{"uuid": "4457c6dc-17cd-40c9-b65a-fde0657b098b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2306", "content": "F5 Big IP Vulnerabilities:\n1. F5 TMUI XSS vulnerability (CVE-2020-5948)\nhttps://support.f5.com/csp/article/K42696541\n]-> Restricting access to the Configuration utility by source IP address (11.x-16.x)\nhttps://support.f5.com/csp/article/K13309\n]-> Overview of securing access to the BIG-IP system\n2. BIG-IP LTM vulnerability (CVE-2020-5949)\nhttps://support.f5.com/csp/article/K20984059\n]-> Configuring SYN cookie protection (13.x-16.x)\nhttps://support.f5.com/csp/article/K74451051", "creation_timestamp": "2020-12-16T12:01:59.000000Z"},
{"uuid": "09df4960-744a-4136-b9d3-97908f09b2fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/CyberGovIL/1081", "content": "Vulnerability in F5's BIG-IP product\nhttps://www.gov.il/he/departments/publications/reports/bigip_f5\n\nF5 recently published a security advisory for a critical vulnerability discovered in the BIG-IP equipment it manufactures. The vulnerability (CVE-2020-5948) could allow a Reflected XSS attack against the management interface, by means of an undisclosed vulnerability in iControl REST. If the attacked user has administrator privileges, the attack could allow the attacker to take full control of the equipment.", "creation_timestamp": "2021-01-07T00:05:40.000000Z"},
{"uuid": "6cbc4962-6824-4b25-9875-506989b84efd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityIL/1385", "content": "National Cyber Directorate:\n\nVulnerability in F5's BIG-IP product.\n\nGreetings,\n\n1. F5 recently published a security advisory for a critical vulnerability discovered in the BIG-IP equipment it manufactures.\n\n2. The vulnerability (CVE-2020-5948) could allow a Reflected XSS attack against the management interface, by means of an undisclosed vulnerability in iControl REST.\n\n3. If the attacked user has administrator privileges, the attack could allow the attacker to take full control of the equipment.", "creation_timestamp": "2020-12-21T16:05:56.000000Z"},
{"uuid": "632df8d9-bba9-4b60-9147-9d1610e91c1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5948", "type": "seen", "source": "https://t.me/CyberGovIL/1015", "content": "Vulnerability in the BIG-IP product of Com2676 | F5\n\nF5 recently published a security advisory for a critical vulnerability discovered in the BIG-IP equipment it manufactures.\n\nThe vulnerability (CVE-2020-5948) could allow a Reflected XSS attack against the management interface, by means of an undisclosed vulnerability in iControl REST.\n\nIf the attacked user has administrator privileges, the attack could allow the attacker to take full control of the equipment.", "creation_timestamp": "2020-12-21T15:51:26.000000Z"}]}