F5 BIG-IP - Remote Code Execution (CVE-2020-5902)
- Severity
- CVSSv3 Score
- 9.8
- Exploitable with Sniper
- Yes
- Vulnerability description
F5 BIG-IP server is affected by a Remote Code Execution vulnerability, located in the Traffic Management User Interface (TMUI) component, which is publicly accessible. The root cause of this vulnerability consists in a broken parser logic in the Tomcat endpoint. This allows an unauthenticated malicious attacker to access any file stored on the server or to execute arbitrary commands on the server.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the F5 BIG-IP server in order to steal confidential information, install ransomware or pivot to the internal network.
- Recommendation
Upgrade F5 BIG-IP server to the latest version or to a non-vulnerable version listed in K52145254.
- References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902
https://pentest-tools.com/blog/big-ip-tmui-rce/
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/
https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/- Detectable with
- Network Scanner
- Vuln date
- Jun 2020
- Published at
- Updated at
- Software Type
- VPN gateway
- Vendor
- F5
- Product
- BIG IP
- Codename
- Not available