{"id":4202,"date":"2023-06-08T16:54:46","date_gmt":"2023-06-08T13:54:46","guid":{"rendered":"https:\/\/csirt.lacnic.net\/?p=4202"},"modified":"2023-06-08T20:49:29","modified_gmt":"2023-06-08T17:49:29","slug":"vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos","status":"publish","type":"post","link":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos","title":{"rendered":"Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos"},"content":{"rendered":"\n

La vulnerabilidad identificada con CVE-2020-5902<\/a>, permitir\u00eda la ejecuci\u00f3n remota de comandos y el control total del sistema afectado. Esta vulnerabilidad ha sido catalogada como cr\u00edtica con un puntaje CVSS de 10 sobre 10.<\/p>\n\n\n\n

Seg\u00fan Mikhail Klyuchnikov, quien es el responsable de encontrar y reportar este problema a F5 Networks, el problema se encuentra en la configuraci\u00f3n de la utilidad Traffic Management User Interface para el controlador de entrega de aplicaciones (ADC) BIG-IP.<\/p>\n\n\n\n

BIG-IP ADC es usado por empresas, data centers y ambientes de computaci\u00f3n en la nube.<\/p>\n\n\n\n

De acuerdo al reporte de Klyuchnikov la mayor\u00eda de las compa\u00f1\u00edas que usan este producto no tiene habilitado el acceso desde Internet a la interfaz de configuraci\u00f3n.<\/p>\n\n\n\n

\u00bfC\u00f3mo puede ser explotada ?<\/strong><\/h2>\n\n\n\n

Un atacante no autorizado puede ejecutar comandos de manera remota enviando peticiones HTTP maliciosas y del estilo \u201cdirectory traversal\u201d al servidor vulnerable.<\/p>\n\n\n\n

El atacante podr\u00eda leer archivos, modificarlos, borrarlos o tomar el control total del sistema.<\/p>\n\n\n\n

Desde el CSIRT de LACNIC  se encontraron varios exploits p\u00fablicos, esto agrava la situaci\u00f3n ya que un atacante sin demasiado conocimiento de la tecnolog\u00eda puede realizar el ataque.<\/p>\n\n\n\n

Para saber si un sistema fue comprometido por un atacante es posible ejecutar una herramienta de F5 publicada en github<\/a>. Por m\u00e1s informaci\u00f3n ver las referencias de esta advertencia de seguridad.<\/p>\n\n\n\n

Recomendaci\u00f3n<\/strong><\/h2>\n\n\n\n

Las organizaciones que tengan activas versiones antiguas de BIG-IP (11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.0.x, 15.1.x) deben actualizar inmediatamente a las nuevas versiones.<\/p>\n\n\n\n

Verificar la actualizaci\u00f3n del sistema<\/strong><\/p>\n\n\n\n

Es posible verificar que el parche qued\u00f3 correctamente aplicado si luego de actualizar el sistema se realiza los siguientes chequeos:<\/p>\n\n\n\n

https:\/\/[IP ADDRESS]\/tmui\/login.jsp\/..;\/login.jsp<\/p>\n\n\n\n

https:\/\/[IP ADDRESS]\/hsqldb%0a<\/p>\n\n\n\n

Si el parche qued\u00f3 correctamente aplicado entonces se recibe un c\u00f3digo de error 404.<\/p>\n\n\n\n

M\u00e1s informaci\u00f3n<\/strong><\/h3>\n\n\n\n

https:\/\/support.f5.com\/csp\/article\/K52145254<\/a><\/p>\n\n\n\n

https:\/\/github.com\/f5devcentral\/cve-2020-5902-ioc-bigip-checker\/<\/a><\/p>\n\n\n\n

https:\/\/swarm.ptsecurity.com\/rce-in-f5-big-ip\/<\/a><\/p>\n\n\n\n

https:\/\/www.exploit-db.com\/exploits\/48642<\/a><\/p>\n\n\n\n

https:\/\/github.com\/yasserjanah\/CVE-2020-5902<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

La vulnerabilidad identificada con CVE-2020-5902, permitir\u00eda la ejecuci\u00f3n remota de comandos y el control total del sistema afectado. Esta vulnerabilidad ha sido catalogada como cr\u00edtica con un puntaje CVSS de 10 sobre 10. Seg\u00fan Mikhail Klyuchnikov, quien es el responsable de encontrar y reportar este problema a F5 Networks, el problema se encuentra en la […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-4202","post","type-post","status-publish","format-standard","hentry","category-arquivo-pt-br"],"acf":[],"yoast_head":"\nLACNIC CSIRT - Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LACNIC CSIRT - Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos\" \/>\n<meta property=\"og:description\" content=\"La vulnerabilidad identificada con CVE-2020-5902, permitir\u00eda la ejecuci\u00f3n remota de comandos y el control total del sistema afectado. Esta vulnerabilidad ha sido catalogada como cr\u00edtica con un puntaje CVSS de 10 sobre 10. Seg\u00fan Mikhail Klyuchnikov, quien es el responsable de encontrar y reportar este problema a F5 Networks, el problema se encuentra en la […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos\" \/>\n<meta property=\"og:site_name\" content=\"LACNIC CSIRT\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-08T13:54:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-08T17:49:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Gianni Arena\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@lacnic_csirt\" \/>\n<meta name=\"twitter:site\" content=\"@lacnic_csirt\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos\"},\"author\":{\"name\":\"Gianni Arena\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/person\\\/d5c65fde1dbe338128788dcc20e9f5d3\"},\"headline\":\"Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos\",\"datePublished\":\"2023-06-08T13:54:46+00:00\",\"dateModified\":\"2023-06-08T17:49:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos\"},\"wordCount\":355,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#organization\"},\"articleSection\":[\"Arquivo\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos\",\"name\":\"LACNIC CSIRT - Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#website\"},\"datePublished\":\"2023-06-08T13:54:46+00:00\",\"dateModified\":\"2023-06-08T17:49:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/arquivo-pt-br\\\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/\",\"name\":\"LACNIC CSIRT\",\"description\":\"Centro de Respuestas de Incidentes - LACNIC CSIRT\",\"publisher\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#organization\",\"name\":\"LACNIC CSIRT\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/wp-content\\\/uploads\\\/lacnic-csirt-2020.png\",\"contentUrl\":\"https:\\\/\\\/csirt.lacnic.net\\\/wp-content\\\/uploads\\\/lacnic-csirt-2020.png\",\"width\":680,\"height\":330,\"caption\":\"LACNIC CSIRT\"},\"image\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/lacnic_csirt\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/person\\\/d5c65fde1dbe338128788dcc20e9f5d3\",\"name\":\"Gianni Arena\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g\",\"caption\":\"Gianni Arena\"},\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/pt-br\\\/author\\\/gianni\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LACNIC CSIRT - Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos","og_locale":"pt_BR","og_type":"article","og_title":"LACNIC CSIRT - Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos","og_description":"La vulnerabilidad identificada con CVE-2020-5902, permitir\u00eda la ejecuci\u00f3n remota de comandos y el control total del sistema afectado. Esta vulnerabilidad ha sido catalogada como cr\u00edtica con un puntaje CVSS de 10 sobre 10. Seg\u00fan Mikhail Klyuchnikov, quien es el responsable de encontrar y reportar este problema a F5 Networks, el problema se encuentra en la […]","og_url":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos","og_site_name":"LACNIC CSIRT","article_published_time":"2023-06-08T13:54:46+00:00","article_modified_time":"2023-06-08T17:49:29+00:00","og_image":[{"width":680,"height":330,"url":"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png","type":"image\/png"}],"author":"Gianni Arena","twitter_card":"summary_large_image","twitter_creator":"@lacnic_csirt","twitter_site":"@lacnic_csirt","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#article","isPartOf":{"@id":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos"},"author":{"name":"Gianni Arena","@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/person\/d5c65fde1dbe338128788dcc20e9f5d3"},"headline":"Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos","datePublished":"2023-06-08T13:54:46+00:00","dateModified":"2023-06-08T17:49:29+00:00","mainEntityOfPage":{"@id":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos"},"wordCount":355,"commentCount":0,"publisher":{"@id":"https:\/\/csirt.lacnic.net\/en\/#organization"},"articleSection":["Arquivo"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#respond"]}]},{"@type":"WebPage","@id":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos","url":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos","name":"LACNIC CSIRT - Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos","isPartOf":{"@id":"https:\/\/csirt.lacnic.net\/en\/#website"},"datePublished":"2023-06-08T13:54:46+00:00","dateModified":"2023-06-08T17:49:29+00:00","breadcrumb":{"@id":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/csirt.lacnic.net\/pt-br\/arquivo-pt-br\/vulnerabilidad-critica-en-tmui-de-f5-permite-ejecucion-remota-de-comandos#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/csirt.lacnic.net\/pt-br"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad cr\u00edtica en TMUI de F5 permite ejecuci\u00f3n remota de comandos"}]},{"@type":"WebSite","@id":"https:\/\/csirt.lacnic.net\/en\/#website","url":"https:\/\/csirt.lacnic.net\/en\/","name":"LACNIC CSIRT","description":"Centro de Respuestas de Incidentes - LACNIC CSIRT","publisher":{"@id":"https:\/\/csirt.lacnic.net\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/csirt.lacnic.net\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/csirt.lacnic.net\/en\/#organization","name":"LACNIC CSIRT","url":"https:\/\/csirt.lacnic.net\/en\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/logo\/image\/","url":"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png","contentUrl":"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png","width":680,"height":330,"caption":"LACNIC CSIRT"},"image":{"@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/lacnic_csirt"]},{"@type":"Person","@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/person\/d5c65fde1dbe338128788dcc20e9f5d3","name":"Gianni Arena","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g","caption":"Gianni Arena"},"url":"https:\/\/csirt.lacnic.net\/pt-br\/author\/gianni"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/posts\/4202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/comments?post=4202"}],"version-history":[{"count":0,"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/posts\/4202\/revisions"}],"wp:attachment":[{"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/media?parent=4202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/categories?post=4202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/csirt.lacnic.net\/pt-br\/wp-json\/wp\/v2\/tags?post=4202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}