CVE-2020-5867 Information
Feb 14, 2021
cve
Description
In versions prior to 3.3.0 the NGINX Controller Agent installer script ‘install.sh’ uses HTTP instead of HTTPS to check and install packages
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://security.netapp.com/advisory/ntap-20200430-0005/ https://support.f5.com/csp/article/K00958787
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.1
Share on: