F5 BIG-IP - Remote Code Execution CVE-2020-5902
- Severity
- Vulnerability description
F5 BIG-IP server is affected by a Remote Code Execution vulnerability, located in the Traffic Management User Interface (TMUI) component, which is publicly accessible. The root cause of this vulnerability consists in a broken parser logic in the Tomcat endpoint. This allows an unauthenticated malicious attacker to access any file stored on the server or to execute arbitrary commands on the server.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the F5 BIG-IP server in order to steal confidential information, install ransomware or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade F5 BIG-IP server to the latest version or to a non-vulnerable version listed in K52145254.
- References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/https://pentest-tools.com/blog/big-ip-tmui-rce/https://www.exploit-db.com/exploits/48642https://www.exploit-db.com/exploits/48643https://www.exploit-db.com/exploits/48711
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Sniper
- Exploitable with Sniper
- Yes
- CVE Published
- Jun 1, 2020
- Detection added at
- Software Type
- VPN gateway
- Vendor
- F5
- Product
- BIG IP
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.