Vulnerability Details : CVE-2020-5863
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
Products affected by CVE-2020-5863
- cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx_controller:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5863
1.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5863
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
3.9
|
4.7
|
NIST |
References for CVE-2020-5863
-
https://security.netapp.com/advisory/ntap-20200430-0005/
April 2020 NGINX Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://support.f5.com/csp/article/K14631834
Vendor Advisory
Jump to