
Multiple Vulnerabilities in F5 BIG-IP Products - CERT-In Vulnerability Note CIVN-2020-0141

  • By Elite CIO
  • Date May 11, 2020

Source: www.cert-in.org.in

Original Issue Date: May 08, 2020

Severity Rating: MEDIUM

Software Affected

BIG-IP: 14.x and 15.x

BIG-IP LTM: 14.x and 15.x

BIG-IP AAM: 14.x and 15.x

BIG-IP AFM: 14.x and 15.x

BIG-IP Analytics: 14.x and 15.x

BIG-IP APM: 14.x and 15.x

BIG-IP ASM: 14.x and 15.x

BIG-IP DNS: 14.x and 15.x

BIG-IP FPS: 14.x and 15.x

BIG-IP GTM: 14.x and 15.x

BIG-IP Link Controller: 14.x and 15.x

BIG-IP PEM: 14.x and 15.x

Overview

Multiple vulnerabilities have been reported in F5 BIG-IP products which could be exploited by an attacker to bypass security restrictions, upload arbitrary files, conduct cross-site scripting attacks, obtain sensitive information, or execute arbitrary code on the targeted system.

Description

1. Arbitrary file upload vulnerability (CVE-2020-5880)

The vulnerability exists due to an error in the "restjavad" process, which may expose a way to upload arbitrary files on the BIG-IP system, bypassing the authorization system. A remote authenticated attacker can upload arbitrary files, fill the disk storage and make the BIG-IP host inoperable. Successful exploitation of this vulnerability may allow a remote attacker to upload arbitrary files and gain unauthorized access to the targeted system.

2. BIG-IP cross-site scripting (XSS) vulnerability (CVE-2020-5889)

The vulnerability exists due to insufficient sanitization of user-supplied data in BIG-IP APM portal access. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary code in the user's browser in the context of the vulnerable website. Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, perform phishing and drive-by-download attacks, and perform cross-site scripting (XSS) attacks.

3. Information disclosure vulnerability

The vulnerability exists because the BIG-IP APM system may log random data after the APM session ID in the "/var/log/apm" logs. A remote attacker can use the "ACCESS::log" command in an iRule associated with the BIG-IP APM virtual server and cause the characters logged after the APM session ID to leak random information. Successful exploitation of this vulnerability may allow a remote attacker to gain access to potentially sensitive information and thereby exploit the information disclosure vulnerability.

Solution

Apply appropriate fixes as issued by the vendor at the following link:

https://support.f5.com/csp/article/K43404365

Vendor Information

F5 Networks

https://support.f5.com/csp/article/K43404365

References

F5 Networks

https://support.f5.com/csp/article/K43404365

https://support.f5.com/csp/article/K24415506

https://support.f5.com/csp/article/K94325657

CVE Name

CVE-2020-5880

CVE-2020-5889

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.