CVE-2020-5902: F5 BIG-IP Remote Code Execution Vulnerability Alert
Recently, F5 issued a risk notification for a remote code execution vulnerability in F5 BIG-IP. The vulnerability is tracked as CVE-2020-5902, and its severity level is critical.
Affected versions
- BIG-IP 15.x: 15.1.0/15.0.0
- BIG-IP 14.x: 14.1.0 ~ 14.1.2
- BIG-IP 13.x: 13.1.0 ~ 13.1.3
- BIG-IP 12.x: 12.1.0 ~ 12.1.5
- BIG-IP 11.x: 11.6.1 ~ 11.6.5
Unaffected versions
- BIG-IP 15.x: 15.1.0.4
- BIG-IP 14.x: 14.1.2.6
- BIG-IP 13.x: 13.1.3.4
- BIG-IP 12.x: 12.1.5.2
- BIG-IP 11.x: 11.6.5.2
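To triage an inventory against the two lists above, the following added example (not part of the original alert and not F5 code) classifies BIG-IP version strings. The function names, status labels and sample hostnames are hypothetical, and it assumes that any release at or after the listed unaffected build on the same branch carries the fix.

```python
"""Triage BIG-IP versions against the affected/unaffected lists in this alert."""
import re

# branch -> (affected three-part ranges, first unaffected version), from the alert
ADVISORY = {
    15: ([((15, 0, 0), (15, 0, 0)), ((15, 1, 0), (15, 1, 0))], (15, 1, 0, 4)),
    14: ([((14, 1, 0), (14, 1, 2))], (14, 1, 2, 6)),
    13: ([((13, 1, 0), (13, 1, 3))], (13, 1, 3, 4)),
    12: ([((12, 1, 0), (12, 1, 5))], (12, 1, 5, 2)),
    11: ([((11, 6, 1), (11, 6, 5))], (11, 6, 5, 2)),
}


def parse_version(text):
    """Turn '14.1.2.5' into (14, 1, 2, 5); three-part versions get a 0 suffix."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){2,3}", text, re.ASCII):
        raise ValueError(f"not a BIG-IP version string: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (4 - len(nums)))


def classify(text):
    """Return 'affected', 'unaffected' or 'not-listed' for one version string."""
    version = parse_version(text)
    entry = ADVISORY.get(version[0])
    if entry is None:
        return "not-listed"  # branch is not mentioned in the alert
    ranges, fixed = entry
    # Assumption: releases at or after the listed unaffected build carry the fix.
    if version >= fixed:
        return "unaffected"
    if any(low <= version[:3] <= high for low, high in ranges):
        return "affected"
    return "not-listed"  # outside the ranges the alert lists; check with the vendor


def triage(inventory):
    """Map {hostname: version} to {hostname: status}; bad strings become 'invalid'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "invalid"
    return result


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames are hypothetical.
    sample = {"lb-a": "15.1.0.3", "lb-b": "14.1.2.6", "lb-c": "11.5.4", "lb-d": "n/a"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A "not-listed" result means the alert gives no verdict for that version, not that the device is safe.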
Solution
In this regard, we recommend that users promptly upgrade BIG-IP to an unaffected version.
- Use the following command to log in to the corresponding system:
  tmsh
- Edit the configuration file of the httpd component:
  edit /sys httpd all-properties
- The content of the file is as follows
- Save the file
- Run the command to refresh the configuration file:
  save /sys config
- Restart httpd service:
  restart sys service httpd
- And prohibit external IP access to Traffic Management User Interface (TMUI) pages