Multiple Vulnerabilities in F5 BIG-IP Products - CERT-In Vulnerability Note CIVN-2020-0141
- By Elite CIO
- May 11, 2020
Source: www.cert-in.org.in
Original Issue Date: May 08, 2020
Severity Rating: MEDIUM
Software Affected
BIG-IP: 14.x and 15.x
BIG-IP LTM: 14.x and 15.x
BIG-IP AAM: 14.x and 15.x
BIG-IP AFM: 14.x and 15.x
BIG-IP Analytics: 14.x and 15.x
BIG-IP APM: 14.x and 15.x
BIG-IP ASM: 14.x and 15.x
BIG-IP DNS: 14.x and 15.x
BIG-IP FPS: 14.x and 15.x
BIG-IP GTM: 14.x and 15.x
BIG-IP Link Controller: 14.x and 15.x
BIG-IP PEM: 14.x and 15.x
Overview
Multiple vulnerabilities have been reported in F5 BIG-IP Products which could be exploited by an attacker to bypass security restrictions, upload arbitrary files, conduct cross-site scripting attacks, obtain sensitive information, or execute arbitrary code on the targeted system.
Description
1. Arbitrary file upload vulnerability (CVE-2020-5880)
The vulnerability exists due to an error in the "restjavad" process which may expose a way to upload arbitrary files on the BIG-IP system, bypassing the authorization system. A remote authenticated attacker can upload arbitrary files, fill the disk storage and make the BIG-IP host inoperable. Successful exploitation of this vulnerability may allow a remote attacker to upload arbitrary files and gain unauthorized access to the targeted system.
2. BIG-IP cross-site scripting (XSS) vulnerability (CVE-2020-5889)
The vulnerability exists due to insufficient sanitization of user-supplied data in BIG-IP APM portal access. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary code in the user's browser in the context of the vulnerable website. Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, perform phishing and drive-by-download attacks and perform cross-site scripting (XSS) attacks.
3. Information disclosure vulnerability
The vulnerability exists because the BIG-IP APM system may log random data after the APM session ID in the "/var/log/apm" logs. A remote attacker can use the "ACCESS::log" command in an iRule associated with the BIG-IP APM virtual server and cause the characters logged after the APM session ID to leak random information. Successful exploitation of this vulnerability may allow a remote attacker to gain access to potentially sensitive information and thereby exploit the information disclosure vulnerability.
Solution
Apply appropriate fixes as issued by vendor in the following link:
https://support.f5.com/csp/article/K43404365
Vendor Information
F5 Networks
https://support.f5.com/csp/article/K43404365
References
F5 Networks
https://support.f5.com/csp/article/K43404365
https://support.f5.com/csp/article/K24415506
https://support.f5.com/csp/article/K94325657
CVE Name
CVE-2020-5880
CVE-2020-5889
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.