On July 1, F5 disclosed two new vulnerabilities for certain versions of BIG-IP products in the application delivery controller. The vulnerability CVE-2020-5902 allows for remote execution of arbitrary system commands. An additional exploit, CVE- 2020-5903, affects the same vulnerable management interface via a cross-site scripting vulnerability (XSS) The vulnerability was deemed so critical that U.S. Cyber Command issued a tweet on the afternoon of July 3 recommending immediate patching despite the holiday weekend.”]