Parent Checks: Network Scan
Need Membership: Yes
Need Proof Of Ownership: No
Estimate Time (Second): 7

BigIP Rce Vulnerability Scanner (CVE-2020-5902) Detail

If you are using F5 BIG-IP devices, you should check them for the remote code execution vulnerability that emerged in the TMUI component.

What is F5 BIG-IP (CVE-2020-5902) Remote Code Execution Vulnerability?

BIG-IP is a family of F5 products for security and load balancing. In June 2020, researchers discovered a critical vulnerability in the Traffic Management User Interface (TMUI) component. The vulnerability allows anyone to execute operating system commands on a vulnerable F5 BIG-IP device.

The underlying flaw is a path traversal, which can be escalated to remote code execution. By exploiting it, an unauthenticated attacker can perform these actions:

  1. Read arbitrary files using the “fileRead.jsp” file
  2. List the files in a directory using the “directoryList.jsp” file
  3. Create a file with custom content using the “fileSave.jsp” file
  4. Execute predefined system commands using the “tmshCmd.jsp” file


How To Check F5 BIG-IP Remote Code Execution Vulnerability?

You can check for the F5 BIG-IP Remote Code Execution vulnerability with our free online tool, BigIP Rce Vulnerability Scanner (CVE-2020-5902). To do this, type your domain name or IP address in the form at the top of the page and start scanning.

Or you can run the following command with the nmap tool, which can be installed on all operating systems:

	nmap --script http-vuln-cve2020-5902 -p 443 Target_Host

You can also find many checks for this vulnerability, written in different programming languages, on GitHub.

Lastly, you can check manually. If your BIG-IP devices are impacted by this vulnerability, you will have a result similar to the following:

	curl -k 'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'

	{"output":"root:x:0:0:root:\/root:\/bin\/bash\nbin:x:1:1:bin:\/bin:\/sbin\/nologin\ndaemon:x:2:2:daemon:\/sbin:\/sbin\/nologin\nadm:x:3:4:adm:\/var\/adm:\/sbin\/nologin\nlp:x:4:7:lp:\/var\/spool\/lpd:\/sbin\/nologin\nmail:x:8:12:mail:\/var\/spool\/mail:\/sbin\/nologin\n"}

Some Advice for Common Problems

To eliminate this vulnerability, update the F5 BIG-IP device to the newest version. You can also block or disable access to TMUI from untrusted networks.
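
Alongside patching, web access logs can be reviewed for requests of the shape used in the manual check above. The following is an added example, not code from this page or from F5: it assumes a combined-format access log, and the sample log lines, function names and action labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The four TMUI JSP files named on this page, with labels chosen for this example.
ENDPOINTS = {
    "fileread.jsp": "file read",
    "directorylist.jsp": "directory listing",
    "filesave.jsp": "file write",
    "tmshcmd.jsp": "tmsh command",
}
# Client address, request target and status from a combined-format line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def classify(target):
    """Return an action label if the target has the '/..;/' TMUI traversal shape, else None."""
    path = target.split("?", 1)[0]
    for _ in range(2):  # undo single and double percent-encoding before matching
        path = unquote(path)
    path = path.lower()
    if "/tmui/" not in path or "/..;/" not in path:
        return None
    return ENDPOINTS.get(path.rsplit("/", 1)[-1], "other TMUI page")

def scan(lines):
    """Return (client, action, status) for every log line that matches."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        action = classify(target)
        if action:
            findings.append((client, action, int(status)))
    return findings

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2020:10:01:02 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jul/2020:10:02:11 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 412',
    '198.51.100.7 - - [05/Jul/2020:10:02:15 +0000] "GET /tmui/login.jsp/..%3b/tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1" 404 0',
    '192.0.2.10 - - [05/Jul/2020:10:03:40 +0000] "GET /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, action, status in scan(SAMPLE_LOG):
        print(f"{client}: traversal request ({action}), HTTP {status}")
```

A match answered with status 200 deserves the closest look, because it is the response the manual check above describes for an impacted device.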