Lucene search

[email protected]CVE-2020-5858

HistoryMar 27, 2020 - 3:15 p.m.

CVE-2020-5858

2020-03-2715:15:12

[email protected]

web.nvd.nist.gov

113

cve-2020-5858

big-ip

big-iq

privilege escalation

tmsh

security vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.

Affected configurations

NVD

Node

f5big-iq_centralized_managementRange5.2.0–5.4.0

f5big-iq_centralized_managementRange6.0.0–6.1.0

f5big-iq_centralized_managementMatch7.0.0

Node

f5big-ip_access_policy_managerRange11.5.2–11.6.5

f5big-ip_access_policy_managerRange12.1.0–12.1.5

f5big-ip_access_policy_managerRange13.1.0–13.1.3

f5big-ip_access_policy_managerRange14.1.0–14.1.2

f5big-ip_access_policy_managerRange15.0.0–15.0.1

Node

f5big-ip_advanced_firewall_managerRange11.5.2–11.6.5

f5big-ip_advanced_firewall_managerRange12.1.0–12.1.5

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.3

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.2

f5big-ip_advanced_firewall_managerRange15.0.0–15.0.1

Node

f5big-ip_analyticsRange11.5.2–11.6.5

f5big-ip_analyticsRange12.1.0–12.1.5

f5big-ip_analyticsRange13.1.0–13.1.3

f5big-ip_analyticsRange14.1.0–14.1.2

f5big-ip_analyticsRange15.0.0–15.0.1

Node

f5big-ip_application_acceleration_managerRange11.5.2–11.6.5

f5big-ip_application_acceleration_managerRange12.1.0–12.1.5

f5big-ip_application_acceleration_managerRange13.1.0–13.1.3

f5big-ip_application_acceleration_managerRange14.1.0–14.1.2

f5big-ip_application_acceleration_managerRange15.0.0–15.0.1

Node

f5big-ip_application_security_managerRange11.5.2–11.6.5

f5big-ip_application_security_managerRange12.1.0–12.1.5

f5big-ip_application_security_managerRange13.1.0–13.1.3

f5big-ip_application_security_managerRange14.1.0–14.1.2

f5big-ip_application_security_managerRange15.0.0–15.0.1

Node

f5big-ip_domain_name_systemRange11.5.2–11.6.5

f5big-ip_domain_name_systemRange12.1.0–12.1.5

f5big-ip_domain_name_systemRange13.1.0–13.1.3

f5big-ip_domain_name_systemRange14.1.0–14.1.2

f5big-ip_domain_name_systemRange15.0.0–15.0.1

Node

f5big-ip_edge_gatewayRange11.5.2–11.6.5

f5big-ip_edge_gatewayRange12.1.0–12.1.5

f5big-ip_edge_gatewayRange13.1.0–13.1.3

f5big-ip_edge_gatewayRange14.1.0–14.1.2

f5big-ip_edge_gatewayRange15.0.0–15.0.1

Node

f5big-ip_fraud_protection_serviceRange11.5.2–11.6.5

f5big-ip_fraud_protection_serviceRange12.1.0–12.1.5

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.3

f5big-ip_fraud_protection_serviceRange14.1.0–14.1.2

f5big-ip_fraud_protection_serviceRange15.0.0–15.0.1

Node

f5big-ip_global_traffic_managerRange11.5.2–11.6.5

f5big-ip_global_traffic_managerRange12.1.0–12.1.5

f5big-ip_global_traffic_managerRange13.1.0–13.1.3

f5big-ip_global_traffic_managerRange14.1.0–14.1.2

f5big-ip_global_traffic_managerRange15.0.0–15.0.1

Node

f5big-ip_link_controllerRange11.5.2–11.6.5

f5big-ip_link_controllerRange12.1.0–12.1.5

f5big-ip_link_controllerRange13.1.0–13.1.3

f5big-ip_link_controllerRange14.1.0–14.1.2

f5big-ip_link_controllerRange15.0.0–15.0.1

Node

f5big-ip_local_traffic_managerRange11.5.2–11.6.5

f5big-ip_local_traffic_managerRange12.1.0–12.1.5

f5big-ip_local_traffic_managerRange13.1.0–13.1.3

f5big-ip_local_traffic_managerRange14.1.0–14.1.2

f5big-ip_local_traffic_managerRange15.0.0–15.0.1

Node

f5big-ip_policy_enforcement_managerRange11.5.2–11.6.5

f5big-ip_policy_enforcement_managerRange12.1.0–12.1.5

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.3

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.2

f5big-ip_policy_enforcement_managerRange15.0.0–15.0.1

Node

f5big-ip_webacceleratorRange11.5.2–11.6.5

f5big-ip_webacceleratorRange12.1.0–12.1.5

f5big-ip_webacceleratorRange13.1.0–13.1.3

f5big-ip_webacceleratorRange14.1.0–14.1.2

f5big-ip_webacceleratorRange15.0.0–15.0.1

CPENameOperatorVersion
f5:big-iq_centralized_managementf5 big-iq centralized managementle5.4.0
f5:big-iq_centralized_managementf5 big-iq centralized managementle6.1.0
f5:big-iq_centralized_managementf5 big-iq centralized managementeq7.0.0

CPE	Name	Operator	Version
f5:big-iq_centralized_management	f5 big-iq centralized management	le	5.4.0
f5:big-iq_centralized_management	f5 big-iq centralized management	le	6.1.0
f5:big-iq_centralized_management	f5 big-iq centralized management	eq	7.0.0

CNA Affected

[
  {
    "product": "BIG-IP, BIG-IQ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, 11.5.2-11.6.5.1"
      },
      {
        "status": "affected",
        "version": "BIG-IQ 7.0.0, 6.0.0-6.1.0, 5.2.0-5.4.0"
      }
    ]
  }
]

References

support.f5.com/csp/article/K36814487

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

Related for CVE-2020-5858

prion1 f51 nessus1 cvelist1 nvd1