CVE-2020-5902 Report Request
This critical vulnerability allows for unauthenticated attackers with network access to the vulnerable F5 BIG-IP server to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. Further exploitation of this vulnerability can allow threat actors to gain a foothold inside the targeted networks and conduct malicious activity, such as spreading ransomware.
Bad Packets® summary report is available here:
The list of vulnerable F5 BIG-IP servers is freely available for authorized government CERT, CSIRT, ISAC, and law enforcement teams to review. To obtain a report of vulnerable hosts impacting your constituency, please fill out the form below.
This form is not for commercial requests. If you need a commercial license for our vulnerability data, please submit request here:
CERT / CSIRT / ISAC – FIRST team membership preferred, see
Government / Law enforcement
Please provide the country, autonomous system number (ASN), IP netblocks (BGP prefix in CIDR format), or domain names of your constituency:
This report request is for non-commercial use only and may not be modified, copied, republished, displayed, posted, or sold in any form or by any means, in whole or in part, without prior written permission from Bad Packets LLC.
Never submit passwords through Google Forms.
This form was created inside of Bad Packets LLC.