1
2name: crowdsecurity/vpatch-CVE-2020-5902
3description: "F5 BIG-IP TMUI - RCE (CVE-2020-5902)"
4rules:
5  - and:
6    - zones:
7      - METHOD
8      match:
9        type: equals
10        value: GET
11    - zones:
12      - URI
13      transform:
14      - lowercase
15      - urldecode
16      match:
17        type: contains
18        value: /tmui/login.jsp/..;/tmui/
19labels:
20  type: exploit
21  service: http
22  confidence: 3
23  spoofable: 0
24  behavior: "http:exploit"
25  label: "F5 BIG-IP TMUI - RCE"
26  classification:
27   - cve.CVE-2020-5902
28   - attack.T1595
29   - attack.T1190
30   - cwe.CWE-22
31