CVE-2020-5902: F5 BIG-IP Remote Code Execution Vulnerability Alert

Recently, F5 issued a risk notification for a remote code execution vulnerability in F5 BIG-IP. The vulnerability is tracked as CVE-2020-5902 and its severity is critical.

An unauthenticated remote attacker can achieve arbitrary Java code execution by sending a specially crafted request to the vulnerable page. The attacker can then control all functions of F5 BIG-IP, including but not limited to executing arbitrary system commands, enabling or disabling services, and creating or deleting files on the device. The vulnerability affects the control plane, not the data plane.

Affected versions

  • BIG-IP 15.x: 15.1.0/15.0.0
  • BIG-IP 14.x: 14.1.0 ~ 14.1.2
  • BIG-IP 13.x: 13.1.0 ~ 13.1.3
  • BIG-IP 12.x: 12.1.0 ~ 12.1.5
  • BIG-IP 11.x: 11.6.1 ~ 11.6.5

Unaffected versions

  • BIG-IP 15.x: 15.1.0.4
  • BIG-IP 14.x: 14.1.2.6
  • BIG-IP 13.x: 13.1.3.4
  • BIG-IP 12.x: 12.1.5.2
  • BIG-IP 11.x: 11.6.5.2

Solution

In this regard, we recommend that users promptly upgrade BIG-IP to an unaffected version.
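To check an inventory against the version lists above, the following added example (our own script, not an F5 tool or part of the original advisory) classifies a BIG-IP version string, or the `Version` line of `tmsh show sys version` output, as affected, not affected, or outside the listed ranges. It assumes that each "x ~ y" range covers every build from x up to, but not including, the fixed release for that branch, since the fixed release is what closes the range.

```python
import re

# (first affected version, first fixed version) per branch, as listed in the advisory
RANGES = [
    ("15.0.0", "15.1.0.4"),
    ("14.1.0", "14.1.2.6"),
    ("13.1.0", "13.1.3.4"),
    ("12.1.0", "12.1.5.2"),
    ("11.6.1", "11.6.5.2"),
]


def parse_version(text):
    """Extract the first dotted version number from text and pad it to 4 components.

    Accepts a bare string such as '14.1.2' or a line such as '  Version  15.1.0.4'.
    """
    m = re.search(r"\b(\d+(?:\.\d+){1,3})\b", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def assess(text):
    """Return 'affected (...)', 'not affected' or 'not in listed ranges' for a version."""
    v = parse_version(text)
    for lo, fixed in RANGES:
        lo_t, fixed_t = parse_version(lo), parse_version(fixed)
        if v[0] != lo_t[0]:          # different major branch
            continue
        if v < lo_t:                 # older than the branch's listed range
            return "not in listed ranges"
        if v < fixed_t:              # inside [first affected, first fixed)
            return f"affected (upgrade to {fixed} or later)"
        return "not affected"        # at or above the fixed release
    return "not in listed ranges"    # major version not covered by the advisory


if __name__ == "__main__":
    # Constructed sample: the Version line as printed by 'tmsh show sys version'
    sample_tmsh_line = "  Version     14.1.2.3"
    for probe in (sample_tmsh_line, "15.1.0", "15.1.0.4", "12.1.5", "11.5.4", "16.0.0"):
        print(f"{probe.strip():<20} -> {assess(probe)}")
```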

Temporary mitigation steps:
  1. Log in to the affected system and enter the Traffic Management Shell with the following command
    tmsh
  2. Edit the configuration of the httpd component
    edit /sys httpd all-properties
  3. The content of the file is as follows

  4. Save the file
  5. Run the following command to save the configuration
    save /sys config
  6. Restart the httpd service
    restart sys service httpd
  7. In addition, block access to the Traffic Management User Interface (TMUI) pages from external IP addresses