5.8
CVE-2020-5909
- EPSS 0.12%
- Veröffentlicht 02.07.2020 13:15:10
- Zuletzt bearbeitet 21.11.2024 05:34:48
- Quelle f5sirt@f5.com
- CVE-Watchlists
- Unerledigt
LoginIn versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5 ≫ Nginx Controller Version >= 2.0.0 <= 2.9.0
F5 ≫ Nginx Controller Version >= 3.0.0 <= 3.5.0
F5 ≫ Nginx Controller Version1.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.274 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.