SB2020042407 - Multiple vulnerabilities in NGINX Controller

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-5867)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to the NGINX Controller Agent installer script "install.sh" uses HTTP instead of HTTPS to check and install packages. A remote attacker can perform a MitM attack, intercept the insecure HTTP channel, convincingly forge any packages and get the malicious packages installed on the NGINX Plus instance.

2) Information disclosure (CVE-ID: CVE-2020-5866)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the helper.sh script uses sensitive items as command-line arguments. A local user can gain unauthorized access to those sensitive items.

3) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-5865)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels. A remote attacker can perform a MitM attack, intercept communicated data and modify user entered data or run arbitrary SQL commands against the database server.

Remediation

Install update from vendor's website.

References

• https://support.f5.com/csp/article/K00958787
• https://support.f5.com/csp/article/K11922628
• https://support.f5.com/csp/article/K21009022