Exploit for #VU29442 OS Command Injection in F5 Networks Hardware solutions

Published: 2020-07-08 | Updated: 2023-11-02

Vulnerability identifier: #VU29442

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-5902

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 69

November 2, 2023
- F5 BIG-IP TMUI Directory Traversal and File Upload RCE [Metasploit]
February 7, 2023
- CVE-2020-5902 () [Github]
December 14, 2022
- CVE-2020-5902-Scanner () [Github]
July 7, 2022
- CVE-2020-5902 (BIGIP CVE-2020-5902 Exploit POC and automation scanning vulnerability) [Github]
May 29, 2022
- F5-BIG-IP-POC (CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC集合) [Github]
June 17, 2021
- BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution [Exploit-DB]
- F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion [Exploit-DB]
April 13, 2021
- CVE-2020-5902 (Auto exploit RCE CVE-2020-5902 ) [Github]
April 12, 2021
- CVE-2020-5902-fofa-scan () [Github]
March 7, 2021
- CVE-2020-5902 () [Github]
February 9, 2021
- F5-BIG-IP-CVE-2020-5902-shodan-scanner (simple bash script of F5 BIG-IP TMUI Vulnerability CVE-2020-5902 checker) [Github]
February 4, 2021
- F5-BIG-IP-CVE-2020-5902-checker (simple bash script of F5 BIG-IP CVE-2020-5902 checker) [Github]
November 4, 2020
- CVE-2020-5902-Scanner (Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3) [Github]
October 28, 2020
- CVE-2020-5903 (CVE-2020-5902) [Github]
September 25, 2020
- CVE-2020-5902-F5BigIP (Clone with backwards compatibility with bro-pkg.meta added) [Github]
September 11, 2020
- BIG-IP-F5-TMUI-RCE-Vulnerability ((CVE-2020-5902) BIG IP F5 TMUI RCE Vulnerability RCE PoC/ Test Script ) [Github]
September 1, 2020
- CVE-2020-5902 ([CVE-2020-5902] F5 BIG-IP Remote Code Execution (RCE)) [Github]
August 21, 2020
- cve-2020-5902 () [Github]
August 10, 2020
- CVE-2020-5902-Scanner (Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3) [Github]
July 29, 2020
- CVE-2020-5902-F5BigIP (A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.) [Github]
July 25, 2020
- CVE-2020-5902-Vuln-Checker (Simple Vulnerability Checker Wrote by me "@TheCyberViking" and A fellow Researcher who wanted to be left Nameless... you know who you are you beautiful bitch) [Github]
July 20, 2020
- CVE-2020-5902-rce-gui (GUI) [Github]
- cve-2020-5902-ioc-bigip-checker () [Github]
July 15, 2020
- CVE-2020-5902 (Proof of concept for CVE-2020-5902) [Github]
- CVE-2020-5902-NSE () [Github]
- F5-Patch (Patch F5 appliance CVE-2020-5902) [Github]
- CVE-2020-5902 (F5 BIG-IP Scanner (CVE-2020-5902)) [Github]
- CVE-2020-5902-fix (Fix CVE-2020-5902) [Github]
- CVE-2020-5902 (Python script to exploit F5 Big-IP CVE-2020-5902 ) [Github]
- CVE-2020-5902-F5BIG () [Github]
- CVE-2020-5902-Scanner (Automated script for F5 BIG-IP scanner (CVE-2020-5902) using hosts retrieved from Shodan API.) [Github]
- CVE-2020-5902-F5-BIGIP (Scan from a given list for F5 BIG-IP and check for CVE-2020-5902) [Github]
- CVE-2020-5902 (Python script to check CVE-2020-5902 (F5 BIG-IP devices).) [Github]
- CVE-2020-5902 (F5 BIG-IP 任意文件读取+远程命令执行RCE) [Github]
- CVE-2020-5902 (CVE-2020-5902) [Github]
- CVE-2020-5902 (CVE-2020-5902) [Github]
- F5-BIG-IP-CVE-2020-5902 () [Github]
- poc-CVE-2020-5902 (dummy poc) [Github]
- CVE-2020-5902_RCE () [Github]
- CVE-2020-5902 () [Github]
- scanner-CVE-2020-5902 (CVE-2020-5902 scanner) [Github]
- RCE-CVE-2020-5902 (BIG-IP F5 Remote Code Execution) [Github]
- CVE-2020-5902 () [Github]
- CVE-2020-5902 (POC code for checking for this vulnerability. Since the code has been released, I decided to release this one as well. Patch Immediately!) [Github]
- CVE-2020-5902 (CVE-2020-5902) [Github]
- CVE-2020-5902-POC-EXP (批量扫描CVE-2020-5902，远程代码执行，已测试) [Github]
- f5_scanner (F5 mass scanner and CVE-2020-5902 checker) [Github]
- CVE-2020-5902-fofa-scan () [Github]
- GoF5-CVE-2020-5902 (Script para validar CVE-2020-5902 hecho en Go.) [Github]
- cve-2020-5902 (cve-2020-5902 POC exploit) [Github]
- CVE-2020-5902 (POC) [Github]
- CVE-2020-5902 (CVE-2020-5902 Exploit) [Github]
- checkvulnCVE2020590 (A powershell script to check vulnerability CVE-2020-5902 of ip list) [Github]
- CVE-2020-5902 (exploit code for F5-Big-IP (CVE-2020-5902)) [Github]
- CVE-2020-5902 (Proof of Concept for CVE-2020-5902) [Github]
- CVE-2020-5902 () [Github]
- CVE-2020-5902 () [Github]
- CVE-2020-5902-POC (批量检测CVE-2020-5902) [Github]
- CVE-2020-5902 (Exploits for CVE-2020-5902 POC ) [Github]
- checker-CVE-2020-5902 (Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary fi [Github]
- f5scan (F5 BIG IP Scanner for CVE-2020-5902) [Github]
- CVE-2020-5902-Mass (Mass exploit for CVE-2020-5902) [Github]
- EvilRip (It is a small script to fetch out the subdomains/ip vulnerable to CVE-2020-5902 written in bash) [Github]
- F5-Big-IP-CVE-2020-5902-mass-exploiter (F5 Big-IP CVE-2020-5902 mass exploiter/fuzzer.) [Github]
- CVE-2020-5902 (CVE-2020-5902) [Github]
- f5-bigip-rce-cve-2020-5902 (F5 BIG-IP RCE CVE-2020-5902 automatic check tool) [Github]
- cve-2020-5902 () [Github]
- CVE-2020-5902 (CVE-2020-5902 BIG-IP) [Github]
July 8, 2020
- F5 BIG-IP TMUI Directory Traversal and File Upload RCE [Metasploit]

Impact: Code execution

Vendor: F5 Networks