nessusThis script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL02043709.NASL
HistoryNov 02, 2018 - 12:00 a.m.

F5 Networks BIG-IP : Appliance mode tmsh access vulnerability (K02043709)

2018-11-02 00:00:00
This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

26.2%

On a BIG-IP system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. (CVE-2018-5520)

Note: Appliance mode is designed to meet the needs of customers in especially sensitive sectors by limiting the BIG-IP system administrative access to match that of a typical network appliance and not a multi-user UNIX device. When a BIG-IP system is configured in Appliance mode, the Advanced Shell (bash) access to the file system is restricted. For information about Appliance mode, refer to K12815: Overview of Appliance mode.

Impact

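This vulnerability allows unauthorized disclosure of information. Because it requires an already authenticated administrative user, the exposure is a bypass of the file-system restriction that Appliance mode is meant to enforce, so it matters chiefly on systems that rely on that restriction.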

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K02043709.
#
# The text description of this plugin is (C) F5 Networks.
#

include('compat.inc');

# Plugin registration. When the script is loaded with `description` set, this
# block only records metadata (IDs, text, scoring, dependencies) and then
# exits via exit(0); none of the version checks below it are executed.
if (description)
{
  script_id(118616);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");

  script_cve_id("CVE-2018-5520");

  script_name(english:"F5 Networks BIG-IP : Appliance mode tmsh access vulnerability (K02043709)");

  # Synopsis, description and solution text; the description is the vendor's
  # advisory wording (see the header comment of this file).
  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"On a BIG-IP system configured in Appliance mode, the TMOS Shell (tmsh)
may allow an administrative user to use the dig utility to gain
unauthorized access to file system resources. (CVE-2018-5520)

Note : Appliance mode is designed to meet the needs of customers in
especially sensitive sectors by limiting the BIG-IP system
administrative access to match that of a typical network appliance and
not a multi-user UNIX device. When a BIG-IP system is configured in
Appliance mode, the Advanced Shell ( bash ) access to the file system
is restricted. For information about Appliance mode, refer to K12815:
Overview of Appliance mode.

Impact

This vulnerability allows unauthorized disclosure of information.");
  script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K02043709");
  script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K02043709.");
  # Scoring: both base vectors describe a confidentiality-only issue that needs
  # an authenticated account (CVSS2 Au:S, CVSS3 PR:H), with no integrity or
  # availability impact. The temporal vectors record an unproven exploit (E:U)
  # and an official fix (RL:OF / RL:O).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5520");

  # Exploit metadata, consistent with E:U in the temporal vectors above.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # NOTE(review): the patch date recorded here (2018/04/30) precedes the
  # vulnerability publication date (2018/05/02) - confirm against K02043709.
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/02");

  # "local" plugin type: the verdict is derived from host data already stored
  # in the knowledge base (see script_require_keys below), not from probing a
  # network service. The CPE entries name the BIG-IP modules covered.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_domain_name_system");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"F5 Networks Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Run after the BIG-IP detection plugin and only when local checks are
  # enabled and the version, hotfix and module KB entries exist (presumably
  # populated by f5_bigip_detect.nbin - confirm).
  # NOTE(review): no required key here reflects whether Appliance mode is
  # configured, although the advisory text limits the issue to that mode.
  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}


include('f5_func.inc');

# Preconditions, checked in a fixed order so the first missing input decides
# which audit message is raised: local checks enabled, a BIG-IP version
# recorded, then the hotfix and module entries in the knowledge base.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# `version` is reused by the "not vulnerable" audit at the end of the script.
var version = get_kb_item('Host/BIG-IP/version');
if (!version)
{
  audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
}

# The hotfix entry is tested with isnull() rather than for truthiness, so only
# an absent key is rejected here (presumably an empty or zero hotfix value is
# legitimate - confirm).
if (isnull(get_kb_item('Host/BIG-IP/hotfix')))
{
  audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
}

if (!get_kb_item('Host/BIG-IP/modules'))
{
  audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
}

# F5 solution article this check corresponds to; passed to bigip_is_affected()
# together with the matrix below.
var sol = 'K02043709';

# Version matrix keyed by BIG-IP module name. Each module carries an
# 'affected' list (single versions or 'low-high' ranges) and an 'unaffected'
# list of fixed versions. Every module listed here has identical entries.
#
# As listed, the fixed releases are 12.1.3.2, 13.0.1, 13.1.0.6 and 14.0.0;
# the 11.2.1-11.6.3 range has no unaffected version within the 11.x branch in
# this table (confirm against K02043709 before planning an upgrade path).
#
# NOTE(review): the matrix is version-only. Nothing visible in this script
# tests whether Appliance mode is configured, so unless bigip_is_affected()
# does that internally, a finding means "vulnerable version installed", not
# "Appliance mode restriction is in use and bypassable" - confirm per host.
var vmatrix = {
  'AFM': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  },
  'AM': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  },
  'APM': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  },
  'ASM': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  },
  'AVR': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  },
  'DNS': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  },
  'GTM': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  },
  'LTM': {
    'affected': [
      '13.1.0','13.0.0','12.1.0-12.1.3','11.2.1-11.6.3'
    ],
    'unaffected': [
      '14.0.0','13.1.0.6','13.0.1','12.1.3.2'
    ],
  }
};

# Verdict: compare the host against the version matrix for this solution and
# either report a finding or record why the host was not flagged.
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  # Affected: attach the detailed BIG-IP report only when report verbosity is
  # above zero; otherwise the finding is raised without extra text.
  var report_text = NULL;
  if (report_verbosity > 0)
  {
    report_text = bigip_report_get();
  }

  # Raised on port 0 at SECURITY_NOTE severity.
  security_report_v4(port:0, severity:SECURITY_NOTE, extra:report_text);
}
else
{
  # Not affected: name the modules that were evaluated, or state that none of
  # the affected modules is running on the host.
  var checked_modules = bigip_get_tested_modules();
  if (checked_modules)
  {
    audit(AUDIT_INST_VER_NOT_VULN, 'For BIG-IP module(s) ' + checked_modules + ',', version);
  }
  else
  {
    audit(AUDIT_HOST_NOT, 'running any of the affected modules');
  }
}

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

26.2%
