Tech

Security updates F5 BIG-IP: malicious code hole in the configuration tool

Attackers could address various gaps in BIG-IP appliances such as Application Acceleration Manager and Local Traffic Manager and run malicious code on systems. Security updates help.

The “critical“Vulnerability with the identifier CVE-2020-5902 is rated with the highest possible CVSSv3 score 10 out of 10. The vulnerability affects the Traffic Management User Interface (TMUI).

Attackers should be able to start remote code execution attacks without authentication. This usually results in a complete compromise of a system. The following BIG-IP versions have been repaired:

  • 15.1.0.4
  • 14.1.2.6
  • 13.1.3.4
  • 12.1.5.2
  • 11.6.5.2

Due to the severity of the vulnerability, admins should install the updates quickly. BIG-IQ Centralized and Traffix SDC are not affected by the vulnerability.

The TMUI is also vulnerable to a CSFR attack (CVE-2020-5904). An attacker could misuse an admin session here to execute his own commands. Another gap (CVE-2020-5903 in TMUI) could serve as a starting point for an XSS attack. If that works, attackers could run JavaScript with the rights of a victim logged in at the time of the attack. The degree of threat from both gaps is “high“classified.

By exploiting further vulnerabilities, access to actually closed files and subsequent manipulation is still possible. Session IDs could also leak. The remaining gaps are marked with “medium” and “low“classified.

List sorted in descending order by threat level:


(of)

To home page

.