Sign-up

ID

VAR-202007-1399


CVE

CVE-2020-5908


TITLE

F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution

Trust: 0.8

sources: CERT/CC: VU#290915

DESCRIPTION

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection CWE-74. F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: Improper configuration and a lack of identify checks, see recent article from NCC Group. Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 The TMUI fails to enforce proper authentication and authorization, see OWASP Recommendations The TMUI web interface does not normalize user's input to prevent both XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF" Lack of role-based access checks allows for for unexpected file access, see Role-Based Access Control Models F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation. An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also be able to perform unexpected activities such as changing configuration files on a vulnerable device. BIG-IP APM There is an information leakage vulnerability in.Information may be obtained. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks

Trust: 2.43

sources: NVD: CVE-2020-5908 // CERT/CC: VU#290915 // JVNDB: JVNDB-2020-007490 // VULHUB: VHN-184033

AFFECTED PRODUCTS

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.6.5.2

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:eqversion:11.6.1 から 11.6.5.2

Trust: 0.8

vendor:f5model:big-ip access policy managerscope:eqversion:12.1.0 から 12.1.5

Trust: 0.8

sources: JVNDB: JVNDB-2020-007490 // NVD: CVE-2020-5908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5908
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007490
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-058
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184033
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-5908
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007490
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184033
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5908
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007490
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184033 // JVNDB: JVNDB-2020-007490 // CNNVD: CNNVD-202007-058 // NVD: CVE-2020-5908

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

problemtype:CWE-74

Trust: 0.8

sources: CERT/CC: VU#290915 // VULHUB: VHN-184033 // JVNDB: JVNDB-2020-007490 // NVD: CVE-2020-5908

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-058

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202007-058

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007490

PATCH
title:K33023560url:https://support.f5.com/csp/article/K33023560
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-007490

EXTERNAL IDS
db:NVDid:CVE-2020-5908
Trust: 3.3
db:CERT/CCid:VU#290915
Trust: 2.5
db:JVNid:JVNVU90376702
Trust: 0.8
db:JVNDBid:JVNDB-2020-007490
Trust: 0.8
db:CNNVDid:CNNVD-202007-058
Trust: 0.7
db:AUSCERTid:ESB-2020.2260
Trust: 0.6
db:AUSCERTid:ESB-2020.2260.2
Trust: 0.6
db:AUSCERTid:ESB-2020.2260.7
Trust: 0.6
db:AUSCERTid:ESB-2020.2260.5
Trust: 0.6
db:AUSCERTid:ESB-2020.2260.6
Trust: 0.6
db:AUSCERTid:ESB-2020.2260.3
Trust: 0.6
db:VULHUBid:VHN-184033
Trust: 0.1
sources:
            
            
            CERT/CC: VU#290915 // 
            
            
            
            VULHUB: VHN-184033 // 
            
            
            
            JVNDB: JVNDB-2020-007490 // 
            
            
            
            CNNVD: CNNVD-202007-058 // 
            
            
            
            NVD: CVE-2020-5908

REFERENCES
url:https://support.f5.com/csp/article/k33023560
Trust: 2.5
url:https://www.kb.cert.org/vuls/id/290915
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5908
Trust: 1.4
url:https://support.f5.com/csp/article/k52145254
Trust: 0.8
url:https://support.f5.com/csp/article/k43638305
Trust: 0.8
url:https://support.f5.com/csp/article/k31301245
Trust: 0.8
url:https://support.f5.com/csp/article/k07051153
Trust: 0.8
url:https://support.f5.com/csp/article/k82518062
Trust: 0.8
url:https://support.f5.com/csp/article/k00091341
Trust: 0.8
url:https://github.com/yassineaboukir/cve-2020-5902
Trust: 0.8
url:https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5908
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90376702/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2260.5/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2260.6/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2260.3/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2260/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2260.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/f5-big-ip-apm-edge-client-for-linux-information-disclosure-via-local-log-files-32659
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2260.7/
Trust: 0.6
sources:
            
            
            CERT/CC: VU#290915 // 
            
            
            
            VULHUB: VHN-184033 // 
            
            
            
            JVNDB: JVNDB-2020-007490 // 
            
            
            
            CNNVD: CNNVD-202007-058 // 
            
            
            
            NVD: CVE-2020-5908

CREDITS
Several of these vulnerabilities were reported by Mikhail Klyuchnikov of Positive Technologies, who worked with F5 on a coordinated disclosure. This document was written by Vijay Sarvepalli. 
Trust: 0.8
sources:
            
            
            CERT/CC: VU#290915

SOURCES
db:CERT/CCid:VU#290915
db:VULHUBid:VHN-184033
db:JVNDBid:JVNDB-2020-007490
db:CNNVDid:CNNVD-202007-058
db:NVDid:CVE-2020-5908

LAST UPDATE DATE
2024-11-23T22:05:33.095000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#290915date:2020-07-13T00:00:00
db:VULHUBid:VHN-184033date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-007490date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-058date:2020-07-24T00:00:00
db:NVDid:CVE-2020-5908date:2024-11-21T05:34:48.490

SOURCES RELEASE DATE
db:CERT/CCid:VU#290915date:2020-07-08T00:00:00
db:VULHUBid:VHN-184033date:2020-07-01T00:00:00
db:JVNDBid:JVNDB-2020-007490date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-058date:2020-07-01T00:00:00
db:NVDid:CVE-2020-5908date:2020-07-01T15:15:15.813