What is F5 Vulnerability CVE-2020-5902 and How to Fix it

On 1st July 2020, IT people were announced by the vulnerability CVE-2020-5902 with rating 10.0 the highest possible score based on CVSSv3 rating.

What is this CVE-2020-5902?
It is an F5 configuration utility that has Remote Code Execution RCE vulnerability in undisclosed pages.

This vulnerability will grant the unauthenticated attacker through Management port or self IPs to gain a variety of privileges, including the ability to execute arbitrary system commands or java code, create or delete files, as well as disable services on the vulnerable host.
You can imagine how amazing and powerful this vulnerability for attackers. Its mean attacker will get full control of your Big IP.

If not possible to update quickly, you can choose a few alternate mitigation solutions as recommended by F5 Security Board until updating is complete, such as:
Restrict access on self IP interface by changing the port lockdown setting to allow none. This configuration will make configuration utility become inaccessible from self IP interfaces and follow by configuring restriction on management interface by putting in a secure zone which protected by security devices such as firewalls.

Another mitigation as suggested by the F5 Security board is configuring TMUI HTTPD to stop unauthenticated attackers on all interfaces by adding location match configuration element to HTTPD.

Here are the Proof of concept