| F5 BIG-IP – Vulnerability!! CVE-2020-5902 – Remote Code Execution (RCE) |
The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. (CVE-2020-5902)
This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the Configuration utility, through the BIG-IP management port and/or self IPs, to execute arbitrary system commands… Read more
| Exchange – New vulnerability that allows privilege escalation |
A new vulnerability that affects Exchange on-premise servers has been discovered recently (https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/). By making use of the high privileges Exchange servers have by default, the attacker would be able to escalate from any user with a mailbox to Domain Admin access.
According to Dirk-jan Mollema (see upper link), the vulnerability has been tested against …
