Security updates: FTP connections from BIG-IP appliances at risk
Source: Heise.de, added 14th Dec 2020
The F5 developers have closed several security holes in the software that runs on BIG-IP appliances. Patched versions are available for download.
Various attacks possible
Local Traffic Manager (LTM) has a security vulnerability classified as "high" (CVE-2020-5948). If attackers send prepared requests to virtual servers configured with an FTP profile, FTP connections could collapse.
Using a manipulated URL, attackers could target the Traffic Management User Interface (TMUI) with a reflected XSS attack. The risk is classified as "high".
The threat posed by the vulnerability (CVE-2020-5949) is classified as "medium". Successful attacks cause memory contents of the Traffic Management Microkernel (TMM) to leak.
F5 has not yet explained in detail how attacks could proceed. Information about the fixed versions can be found in the linked advisories:
BIG-IP LTM vulnerability CVE-2020-5949
F5 TMUI XSS vulnerability CVE-2020-5948
TMM vulnerability CVE-2020-27713
(of)