CVE-2020-5858

Name of the Vulnerable Software and Affected Versions BIG-IP versions 11.5.2 through 11.6.5.1 BIG-IP versions 12.1.0 through 12.1.5 BIG-IP versions 13.1.0 through 13.1.3.2 BIG-IP versions 14.1.0 through 14.1.2.2 BIG-IP versions 15.0.0 through 15.0.1.2 BIG-IQ versions 5.2.0 through 5.4.0 BIG-IQ versions 6.0.0 through 6.1.0 BIG-IQ version 7.0.0

Description The issue is related to errors in access control, allowing users with non-administrator roles and tmsh shell access to execute arbitrary commands with elevated privilege via a crafted tmsh command. This can potentially lead to privilege escalation.

Recommendations For BIG-IP versions 11.5.2 through 11.6.5.1, consider restricting tmsh shell access to prevent exploitation. For BIG-IP versions 12.1.0 through 12.1.5, restrict access to the tmsh command for non-administrator roles. For BIG-IP versions 13.1.0 through 13.1.3.2, limit the use of crafted tmsh commands. For BIG-IP versions 14.1.0 through 14.1.2.2, apply configuration changes to prevent privilege escalation. For BIG-IP versions 15.0.0 through 15.0.1.2, disable the use of elevated privileges for non-administrator roles. For BIG-IQ versions 5.2.0 through 5.4.0, restrict tmsh shell access. For BIG-IQ versions 6.0.0 through 6.1.0, limit access to the tmsh command. For BIG-IQ version 7.0.0, consider disabling the tmsh shell access for non-administrator roles.