NCSC Cyber Security Advisory CSA-2020-1740

Remote code execution vulnerability in F5 BIG-IP products


The National Cyber Security Centre (NCSC) is aware of a critical vulnerability affecting F5 BIG-IP products. This vulnerability has been assigned CVE number CVE-2020-5902, and allows actors with network access to the Traffic Management User Interface (TMUI), also known as the Configuration utility, to execute arbitrary commands or access credentials without authentication.

The NCSC is aware of ongoing activity in relation to this vulnerability, including widespread exploitation of internet accessible devices.


  • Verify F5 BIG-IP devices have been updated to mitigate this vulnerability as per the guidance highlighted in the F5 Security Advisory.
  • Restrict management interfaces such as TMUI to be only accessible from trusted networks.
  • Review logging and contact the NCSC if any unauthorised access is identified.


Download NCSC Advisory CSA-2020-1740