PT-2020-18805 · F5 · F5 Big-Ip
Published
2020-07-01
·
Updated
2022-05-03
·
CVE-2020-5907
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.6.1 through 11.6.5.1
F5 BIG-IP versions 12.1.0 through 12.1.5.1
F5 BIG-IP versions 13.1.0 through 13.1.3.3
F5 BIG-IP versions 14.1.0 through 14.1.2.3
F5 BIG-IP versions 15.0.0 through 15.1.0.3
Description
An issue exists where an authorized user with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.
Recommendations
For versions 11.6.1 through 11.6.5.1, restrict access to the sftp functionality to minimize the risk of exploitation.
For versions 12.1.0 through 12.1.5.1, restrict access to the sftp functionality to minimize the risk of exploitation.
For versions 13.1.0 through 13.1.3.3, restrict access to the sftp functionality to minimize the risk of exploitation.
For versions 14.1.0 through 14.1.2.3, restrict access to the sftp functionality to minimize the risk of exploitation.
For versions 15.0.0 through 15.1.0.3, restrict access to the sftp functionality to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
F5 Big-Ip