正文

F5 BIG-IP TMUI 远程命令执行漏洞

admin
admin V管理员 /0 评论 /12 阅读
0410
此篇文章发布距今已超过1130天,您需要注意文章的内容或图片是否可用!

CVE编号

CVE-2020-5902

利用情况

POC 已公开

补丁情况

没有补丁

披露时间

2020-07-02
漏洞描述
在BIG-IP版本15.0.0-15.1.0.3、14.1.0-14.1.2.5、13.1.0-13.1.3.3、12.1.0-12.1.5.1和11.6.1-11.6.5.1中,流量管理用户接口(TMUI),也称为配置实用程序,在未公开的页面中具有远程执行代码(RCE)漏洞。
解决建议
更新至最新版本
参考链接
http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversa...
http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html
http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Loca...
https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/
https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902
https://support.f5.com/csp/article/K52145254
https://swarm.ptsecurity.com/rce-in-f5-big-ip/
https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/
https://www.kb.cert.org/vuls/id/290915
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 f5 big-ip_access_policy_manager * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_access_policy_manager * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_access_policy_manager * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_access_policy_manager * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_access_policy_manager * From
(including)
15.0.0 		Up to
(including)
15.0.1.4
运行在以下环境
应用 f5 big-ip_access_policy_manager * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_advanced_firewall_manager * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_advanced_firewall_manager * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_advanced_firewall_manager * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_advanced_firewall_manager * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_advanced_firewall_manager * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_advanced_firewall_manager * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_advanced_web_application_firewall * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_advanced_web_application_firewall * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_advanced_web_application_firewall * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_advanced_web_application_firewall * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_advanced_web_application_firewall * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_advanced_web_application_firewall * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_analytics * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_analytics * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_analytics * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_analytics * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_analytics * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_analytics * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_application_acceleration_manager * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_application_acceleration_manager * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_application_acceleration_manager * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_application_acceleration_manager * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_application_acceleration_manager * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_application_acceleration_manager * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_application_security_manager * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_application_security_manager * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_application_security_manager * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_application_security_manager * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_application_security_manager * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_application_security_manager * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_ddos_hybrid_defender * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_ddos_hybrid_defender * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_ddos_hybrid_defender * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_ddos_hybrid_defender * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_ddos_hybrid_defender * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_ddos_hybrid_defender * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_domain_name_system * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_domain_name_system * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_domain_name_system * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_domain_name_system * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_domain_name_system * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_domain_name_system * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_fraud_protection_service * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_fraud_protection_service * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_fraud_protection_service * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_fraud_protection_service * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_fraud_protection_service * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_fraud_protection_service * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_global_traffic_manager * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_global_traffic_manager * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_global_traffic_manager * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_global_traffic_manager * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_global_traffic_manager * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_global_traffic_manager * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_link_controller * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_link_controller * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_link_controller * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_link_controller * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_link_controller * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_link_controller * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_local_traffic_manager * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_local_traffic_manager * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_local_traffic_manager * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_local_traffic_manager * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_local_traffic_manager * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_local_traffic_manager * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 big-ip_policy_enforcement_manager * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 big-ip_policy_enforcement_manager * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 big-ip_policy_enforcement_manager * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 big-ip_policy_enforcement_manager * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 big-ip_policy_enforcement_manager * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 big-ip_policy_enforcement_manager * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
运行在以下环境
应用 f5 ssl_orchestrator * From
(including)
11.6.1 		Up to
(excluding)
11.6.5.2
运行在以下环境
应用 f5 ssl_orchestrator * From
(including)
12.1.0 		Up to
(excluding)
12.1.5.2
运行在以下环境
应用 f5 ssl_orchestrator * From
(including)
13.1.0 		Up to
(excluding)
13.1.3.4
运行在以下环境
应用 f5 ssl_orchestrator * From
(including)
14.1.0 		Up to
(excluding)
14.1.2.6
运行在以下环境
应用 f5 ssl_orchestrator * From
(including)
15.0.0 		Up to
(excluding)
15.0.1.4
运行在以下环境
应用 f5 ssl_orchestrator * From
(including)
15.1.0 		Up to
(excluding)
15.1.0.4
阿里云评分 9.8
  • 攻击路径 远程
  • 攻击复杂度 容易
  • 权限要求 无需权限
  • 影响范围 全局影响
  • EXP成熟度 POC 已公开
  • 补丁情况 没有补丁
  • 数据保密性 数据泄露
  • 数据完整性 传输被破坏
  • 服务器危害 服务器失陷
  • 全网数量 N/A
CWE-ID 漏洞类型 CWE-22 对路径名的限制不恰当(路径遍历) CWE-829 从非可信控制范围包含功能例程 CWE-94 对生成代码的控制不恰当(代码注入)