Lucene search

K
cve[email protected]CVE-2020-5858
HistoryMar 27, 2020 - 3:15 p.m.

CVE-2020-5858

2020-03-2715:15:12
web.nvd.nist.gov
113
cve-2020-5858
big-ip
big-iq
privilege escalation
tmsh
security vulnerability
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.5%

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.

Affected configurations

NVD
Node
f5big-iq_centralized_managementRange5.2.05.4.0
OR
f5big-iq_centralized_managementRange6.0.06.1.0
OR
f5big-iq_centralized_managementMatch7.0.0
Node
f5big-ip_access_policy_managerRange11.5.211.6.5
OR
f5big-ip_access_policy_managerRange12.1.012.1.5
OR
f5big-ip_access_policy_managerRange13.1.013.1.3
OR
f5big-ip_access_policy_managerRange14.1.014.1.2
OR
f5big-ip_access_policy_managerRange15.0.015.0.1
Node
f5big-ip_advanced_firewall_managerRange11.5.211.6.5
OR
f5big-ip_advanced_firewall_managerRange12.1.012.1.5
OR
f5big-ip_advanced_firewall_managerRange13.1.013.1.3
OR
f5big-ip_advanced_firewall_managerRange14.1.014.1.2
OR
f5big-ip_advanced_firewall_managerRange15.0.015.0.1
Node
f5big-ip_analyticsRange11.5.211.6.5
OR
f5big-ip_analyticsRange12.1.012.1.5
OR
f5big-ip_analyticsRange13.1.013.1.3
OR
f5big-ip_analyticsRange14.1.014.1.2
OR
f5big-ip_analyticsRange15.0.015.0.1
Node
f5big-ip_application_acceleration_managerRange11.5.211.6.5
OR
f5big-ip_application_acceleration_managerRange12.1.012.1.5
OR
f5big-ip_application_acceleration_managerRange13.1.013.1.3
OR
f5big-ip_application_acceleration_managerRange14.1.014.1.2
OR
f5big-ip_application_acceleration_managerRange15.0.015.0.1
Node
f5big-ip_application_security_managerRange11.5.211.6.5
OR
f5big-ip_application_security_managerRange12.1.012.1.5
OR
f5big-ip_application_security_managerRange13.1.013.1.3
OR
f5big-ip_application_security_managerRange14.1.014.1.2
OR
f5big-ip_application_security_managerRange15.0.015.0.1
Node
f5big-ip_domain_name_systemRange11.5.211.6.5
OR
f5big-ip_domain_name_systemRange12.1.012.1.5
OR
f5big-ip_domain_name_systemRange13.1.013.1.3
OR
f5big-ip_domain_name_systemRange14.1.014.1.2
OR
f5big-ip_domain_name_systemRange15.0.015.0.1
Node
f5big-ip_edge_gatewayRange11.5.211.6.5
OR
f5big-ip_edge_gatewayRange12.1.012.1.5
OR
f5big-ip_edge_gatewayRange13.1.013.1.3
OR
f5big-ip_edge_gatewayRange14.1.014.1.2
OR
f5big-ip_edge_gatewayRange15.0.015.0.1
Node
f5big-ip_fraud_protection_serviceRange11.5.211.6.5
OR
f5big-ip_fraud_protection_serviceRange12.1.012.1.5
OR
f5big-ip_fraud_protection_serviceRange13.1.013.1.3
OR
f5big-ip_fraud_protection_serviceRange14.1.014.1.2
OR
f5big-ip_fraud_protection_serviceRange15.0.015.0.1
Node
f5big-ip_global_traffic_managerRange11.5.211.6.5
OR
f5big-ip_global_traffic_managerRange12.1.012.1.5
OR
f5big-ip_global_traffic_managerRange13.1.013.1.3
OR
f5big-ip_global_traffic_managerRange14.1.014.1.2
OR
f5big-ip_global_traffic_managerRange15.0.015.0.1
Node
f5big-ip_link_controllerRange11.5.211.6.5
OR
f5big-ip_link_controllerRange12.1.012.1.5
OR
f5big-ip_link_controllerRange13.1.013.1.3
OR
f5big-ip_link_controllerRange14.1.014.1.2
OR
f5big-ip_link_controllerRange15.0.015.0.1
Node
f5big-ip_local_traffic_managerRange11.5.211.6.5
OR
f5big-ip_local_traffic_managerRange12.1.012.1.5
OR
f5big-ip_local_traffic_managerRange13.1.013.1.3
OR
f5big-ip_local_traffic_managerRange14.1.014.1.2
OR
f5big-ip_local_traffic_managerRange15.0.015.0.1
Node
f5big-ip_policy_enforcement_managerRange11.5.211.6.5
OR
f5big-ip_policy_enforcement_managerRange12.1.012.1.5
OR
f5big-ip_policy_enforcement_managerRange13.1.013.1.3
OR
f5big-ip_policy_enforcement_managerRange14.1.014.1.2
OR
f5big-ip_policy_enforcement_managerRange15.0.015.0.1
Node
f5big-ip_webacceleratorRange11.5.211.6.5
OR
f5big-ip_webacceleratorRange12.1.012.1.5
OR
f5big-ip_webacceleratorRange13.1.013.1.3
OR
f5big-ip_webacceleratorRange14.1.014.1.2
OR
f5big-ip_webacceleratorRange15.0.015.0.1

CNA Affected

[
  {
    "product": "BIG-IP, BIG-IQ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, 11.5.2-11.6.5.1"
      },
      {
        "status": "affected",
        "version": "BIG-IQ 7.0.0, 6.0.0-6.1.0, 5.2.0-5.4.0"
      }
    ]
  }
]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.5%

Related for CVE-2020-5858