CVE-2020-5902 | F5 BIG-IP Remote Code Execution Vulnerability Advisory

Published: 2020-07-03

0x00 Vulnerability Overview



CVE ID: CVE-2020-5902

Date: 2020-07-03

Type: RCE

Severity: Critical

Remotely exploitable: Yes

Affected versions: F5 BIG-IP 15.1.0, 15.0.0, 14.1.0-14.1.2, 13.1.0-13.1.3, 12.1.0-12.1.5, 11.6.1-11.6.5
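The affected ranges above, together with the fix availability stated in the remediation section (fixes for 11.x, 12.x, 13.x, 14.x and 15.1.0; none yet for 15.0.0), are enough to triage an inventory of BIG-IP hosts. The following is an added example, not F5's code or the advisory's own tooling; the function names, the sample inventory and the rule that point releases are compared on their first three components are this example's assumptions.

```python
# Added example (not F5's code): check BIG-IP version strings against the
# affected ranges and fix availability stated in this advisory.

# Affected ranges from the advisory's overview table, inclusive at both ends.
AFFECTED_RANGES = [
    ("15.1.0", "15.1.0"),
    ("15.0.0", "15.0.0"),
    ("14.1.0", "14.1.2"),
    ("13.1.0", "13.1.3"),
    ("12.1.0", "12.1.5"),
    ("11.6.1", "11.6.5"),
]

# Branches for which the advisory says a fix has been released. 15.0.0 is
# listed as affected but without a fix at publication time.
FIXED_BRANCHES = {(11,), (12,), (13,), (14,), (15, 1)}


def parse_version(version):
    """'14.1.2.3' -> (14, 1, 2, 3); rejects anything that is not dotted ints."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("not a BIG-IP version string: %r" % version)
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True if the version falls inside one of the advisory's ranges.

    The advisory lists three-component versions, so point releases
    (14.1.2.1, ...) are compared on their first three components only
    (an assumption of this example); confirm point-release fixes against
    the vendor article K52145254 linked below.
    """
    ver = parse_version(version)[:3]
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= ver <= parse_version(high):
            return True
    return False


def fix_available(version):
    """True if the advisory reports a fixed release for this version's branch."""
    ver = parse_version(version)
    return ver[:1] in FIXED_BRANCHES or ver[:2] in FIXED_BRANCHES


def triage(inventory):
    """Map host -> status for a dict of host -> version string.

    Statuses: 'patch' (affected, fix released), 'mitigate' (affected, no fix
    yet, apply the temporary measures), 'ok' (outside the affected ranges).
    """
    result = {}
    for host, version in inventory.items():
        if not is_affected(version):
            result[host] = "ok"
        elif fix_available(version):
            result[host] = "patch"
        else:
            result[host] = "mitigate"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"lb-a": "14.1.2", "lb-b": "15.0.0", "lb-c": "15.1.1", "lb-d": "11.6.5.2"}
    for host, status in triage(sample).items():
        print(host, sample[host], status)
```

Feed `triage` the version column of your device inventory; hosts reported as `mitigate` are the ones that need the httpd and Self IP measures from the remediation section until a fixed release exists.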


0x01 Vulnerability Details





F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and related functions. BIG-IP provides application acceleration, load balancing, rate shaping, SSL offload and web application protection. The product is used by many companies; F5 states that 48 of the world's 50 largest companies are its customers.

Researchers at the security company Positive Technologies discovered a remote code execution vulnerability (CVE-2020-5902) in the configuration interface of the BIG-IP application delivery controller (ADC). It carries a CVSS score of 10, and an attacker who exploits it can take complete control of the target system.

An unauthenticated attacker, or an authenticated user, who can reach the TMUI through the BIG-IP management port or a Self IP can exploit this vulnerability to execute arbitrary system commands, create or delete files, disable services, and execute arbitrary Java code.


0x02 Remediation Recommendations


The vendor has released fixes for the 11.x, 12.x, 13.x, 14.x and 15.1.0 versions of the software; a fix for version 15.0.0 has not yet been released. Details are as follows:





Temporary mitigations:

• All network interfaces

To prevent unauthenticated attackers from exploiting this vulnerability, add a LocationMatch configuration element to httpd. Perform the following steps:

Note: authenticated users will still be able to exploit this vulnerability, regardless of their privilege level.

1. Log in to the TMOS Shell (tmsh) by entering the following command:

tmsh

2. Edit the httpd properties by entering the following command:

edit /sys httpd all-properties

3. Locate the include section and add the following content:

include '
<LocationMatch ".*\.\.;.*">
Redirect 404 /
</LocationMatch>
'

4. Enter the following to write the change to the configuration file:

Esc

:wq!

5. Enter the following command to save the configuration:

save /sys config

6. Enter the following command to restart the httpd service:

restart sys service httpd

• Self IPs

Block access to the BIG-IP system's TMUI through Self IP policies. To do this, set the Port Lockdown of every Self IP on the system to "Allow None". If you must open some ports, use "Allow Custom" and take care to deny access to the TMUI. By default the TMUI listens on TCP port 443; however, starting with BIG-IP 13.0.0, Single-NIC BIG-IP VE deployments use TCP port 8443, and a custom port can also be configured.

Note: denying access to the TMUI/Configuration utility through Self IP policies may affect other services.

Before changing the Self IP settings, refer to the following:

https://support.f5.com/csp/article/K17333

https://support.f5.com/csp/article/K13092

https://support.f5.com/csp/article/K31003634

https://support.f5.com/csp/article/K51358480
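Both temporary mitigations above (the httpd LocationMatch include and the Self IP Port Lockdown setting) can be audited from a device's configuration text rather than trusted to have been applied. The following is an added example, not F5's code or the advisory's own tooling. It assumes two constructed inputs: the httpd include text as typed into `edit /sys httpd all-properties`, and a hand-written imitation of `tmsh list net self` output (real tmsh formatting may differ slightly; the parser is lenient). The service set `TMUI_SERVICES`, the function names and the sample Self IP names and addresses are this example's assumptions; whether tmsh prints port 8443 under a service name rather than numerically is not verified here.

```python
import re

# Added example (not F5's code): audit the two temporary mitigations this
# advisory describes, from constructed configuration samples.

# Services that reach the TMUI per the advisory: TCP 443 by default, TCP 8443
# on Single-NIC VE deployments. Numeric and named forms are both accepted
# (assumption: tmsh may print either); a custom TMUI port is passed by the caller.
TMUI_SERVICES = {"tcp:443", "tcp:https", "tcp:8443"}

LOCATIONMATCH_RE = re.compile(
    r'<LocationMatch\s+"([^"]+)"\s*>(.*?)</LocationMatch>', re.S | re.I)


def include_blocks_traversal(include_text, probe="/a/..;/b"):
    """True if a LocationMatch in include_text matches `probe` (a neutral path
    carrying the '..;' sequence the mitigation targets) and answers with 404."""
    for pattern, body in LOCATIONMATCH_RE.findall(include_text):
        try:  # the advisory's pattern is simple enough to be valid in PCRE and Python alike
            hit = re.search(pattern, probe) is not None
        except re.error:
            continue
        if hit and re.search(r"^\s*Redirect\s+404\s+/", body, re.M):
            return True
    return False


def parse_self_ips(tmsh_text):
    """Return {self_ip_name: set of allow-service entries}; the keywords
    'none' and 'default' are kept as literal entries."""
    result, current, in_services = {}, None, False
    for raw in tmsh_text.splitlines():
        line = raw.strip()
        start = re.match(r"net self (\S+) \{$", line)
        if start:
            current, in_services = start.group(1), False
            result[current] = set()
        elif current is None:
            continue
        elif line == "allow-service none":
            result[current].add("none")
        elif line == "allow-service {":
            in_services = True
        elif in_services:
            if line == "}":
                in_services = False
            else:
                result[current].add(line)
        elif line == "}":
            current = None  # closing brace of the net self stanza
    return result


def self_ips_exposing_tmui(tmsh_text, custom_port=None):
    """Self IPs whose Port Lockdown still admits TMUI traffic -> list of reasons."""
    wanted = set(TMUI_SERVICES)
    if custom_port:
        wanted.add("tcp:%s" % custom_port)
    exposed = {}
    for name, services in parse_self_ips(tmsh_text).items():
        if "none" in services:
            continue  # Allow None: the setting the advisory recommends
        if "default" in services:
            exposed[name] = ["default (Allow Default admits the TMUI port)"]
            continue
        hits = sorted(services & wanted)
        if hits:
            exposed[name] = hits
    return exposed


# Constructed samples (not captured from a real device).
SAMPLE_INCLUDE_OK = r'''
<LocationMatch ".*\.\.;.*">
Redirect 404 /
</LocationMatch>
'''
SAMPLE_INCLUDE_BAD = "Redirect 404 /\n"  # directive without its LocationMatch wrapper

SAMPLE_NET_SELF = """\
net self self_external {
    address 192.0.2.10/24
    allow-service {
        default
    }
    vlan external
}
net self self_internal {
    address 198.51.100.10/24
    allow-service none
    vlan internal
}
net self self_dmz {
    address 203.0.113.10/24
    allow-service {
        tcp:https
        tcp:ssh
    }
    vlan dmz
}
"""

if __name__ == "__main__":
    print("include mitigation present:", include_blocks_traversal(SAMPLE_INCLUDE_OK))
    print("self IPs still exposing TMUI:", self_ips_exposing_tmui(SAMPLE_NET_SELF))
```

In the sample, `self_external` is flagged because Allow Default admits the TMUI port and `self_dmz` because its custom list still includes `tcp:https`; `self_internal` (Allow None) passes. Pass `custom_port` when the TMUI has been moved off 443/8443.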

• Management interface

For related information, refer to:

https://support.f5.com/csp/article/K13309

https://support.f5.com/csp/article/K13092


0x03 Related News


https://www.securityweek.com/serious-vulnerabilities-f5s-big-ip-allow-full-system-compromise?from=timeline


0x04 References


https://support.f5.com/csp/article/K52145254


0x05 Timeline


2020-07-01 F5 publishes its security advisory

2020-07-03 VSRC publishes this vulnerability advisory
