CVE-2020-5902— F5 BIG-IP 路径遍历漏洞
公开利用映射 5
Metasploit · 1 f5_bigip_tmui_rce_cve_2020_5902.rb [exploit]
Nuclei · 1 CVE-2020-5902.yaml [template]
已观察到在野利用 cisa_kev · confirmed
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2020-5902 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
F5 BIG-IP 路径遍历漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP中存在路径遍历漏洞。攻击者可利用该漏洞执行任意的系统命令、创建或删除文件,关闭服务/执行任意的Java代码,可能完全入侵系统。以下产品及版本受到影响:F5 BIG-IP 15.1.0版本,15.0.0版本,14.1.0版本至14.1.2版本,13.1.0版本至13.1.3版本,12.1.0版本至12.1.5版本,11.6.1版本至11.6.5版本。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| - | BIG-IP | 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, 11.6.1-11.6.5.1 | - |
二、漏洞 CVE-2020-5902 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2020-5902 | https://github.com/dwisiswant0/CVE-2020-5902 | POC详情 |
| 2 | Automated script for F5 BIG-IP scanner (CVE-2020-5902) using hosts retrieved from Shodan API. | https://github.com/aqhmal/CVE-2020-5902-Scanner | POC详情 |
| 3 | CVE-2020-5902 BIG-IP | https://github.com/jas502n/CVE-2020-5902 | POC详情 |
| 4 | POC code for checking for this vulnerability. Since the code has been released, I decided to release this one as well. Patch Immediately! | https://github.com/ar0dd/CVE-2020-5902 | POC详情 |
| 5 | Proof of concept for CVE-2020-5902 | https://github.com/yassineaboukir/CVE-2020-5902 | POC详情 |
| 6 | None | https://github.com/rwincey/CVE-2020-5902-NSE | POC详情 |
| 7 | Proof of Concept for CVE-2020-5902 | https://github.com/un4gi/CVE-2020-5902 | POC详情 |
| 8 | None | https://github.com/nsflabs/CVE-2020-5902 | POC详情 |
| 9 | exploit code for F5-Big-IP (CVE-2020-5902) | https://github.com/yasserjanah/CVE-2020-5902 | POC详情 |
| 10 | BIG-IP F5 Remote Code Execution | https://github.com/JSec1337/RCE-CVE-2020-5902 | POC详情 |
| 11 | Python script to exploit F5 Big-IP CVE-2020-5902 | https://github.com/dunderhay/CVE-2020-5902 | POC详情 |
| 12 | cve-2020-5902 POC exploit | https://github.com/r0ttenbeef/cve-2020-5902 | POC详情 |
| 13 | None | https://github.com/sv3nbeast/CVE-2020-5902_RCE | POC详情 |
| 14 | CVE-2020-5902 scanner | https://github.com/cybersecurityworks553/scanner-CVE-2020-5902 | POC详情 |
| 15 | 批量扫描CVE-2020-5902,远程代码执行,已测试 | https://github.com/lijiaxing1997/CVE-2020-5902-POC-EXP | POC详情 |
| 16 | dummy poc | https://github.com/qlkwej/poc-CVE-2020-5902 | POC详情 |
| 17 | None | https://github.com/Zinkuth/F5-BIG-IP-CVE-2020-5902 | POC详情 |
| 18 | Python script to check CVE-2020-5902 (F5 BIG-IP devices). | https://github.com/0xAbdullah/CVE-2020-5902 | POC详情 |
| 19 | CVE-2020-5902 | https://github.com/jinnywc/CVE-2020-5902 | POC详情 |
| 20 | Patch F5 appliance CVE-2020-5902 | https://github.com/GoodiesHQ/F5-Patch | POC详情 |
| 21 | F5 BIG-IP Scanner (CVE-2020-5902) | https://github.com/jiansiting/CVE-2020-5902 | POC详情 |
| 22 | Fix CVE-2020-5902 | https://github.com/wdlid/CVE-2020-5902-fix | POC详情 |
| 23 | None | https://github.com/Any3ite/CVE-2020-5902-F5BIG | POC详情 |
| 24 | None | https://github.com/k3nundrum/CVE-2020-5902 | POC详情 |
| 25 | Scan from a given list for F5 BIG-IP and check for CVE-2020-5902 | https://github.com/inho28/CVE-2020-5902-F5-BIGIP | POC详情 |
| 26 | F5 mass scanner and CVE-2020-5902 checker | https://github.com/cristiano-corrado/f5_scanner | POC详情 |
| 27 | POC | https://github.com/ajdumanhug/CVE-2020-5902 | POC详情 |
| 28 | F5 BIG-IP 任意文件读取+远程命令执行RCE | https://github.com/zhzyker/CVE-2020-5902 | POC详情 |
| 29 | It is a small script to fetch out the subdomains/ip vulnerable to CVE-2020-5902 written in bash | https://github.com/GovindPalakkal/EvilRip | POC详情 |
| 30 | None | https://github.com/dnerzker/CVE-2020-5902 | POC详情 |
| 31 | A powershell script to check vulnerability CVE-2020-5902 of ip list | https://github.com/renanhsilva/checkvulnCVE20205902 | POC详情 |
| 32 | F5 BIG IP Scanner for CVE-2020-5902 | https://github.com/halencarjunior/f5scan | POC详情 |
| 33 | Script para validar CVE-2020-5902 hecho en Go. | https://github.com/deepsecurity-pe/GoF5-CVE-2020-5902 | POC详情 |
| 34 | None | https://github.com/Shu1L/CVE-2020-5902-fofa-scan | POC详情 |
| 35 | F5 Big-IP CVE-2020-5902 mass exploiter/fuzzer. | https://github.com/d4rk007/F5-Big-IP-CVE-2020-5902-mass-exploiter | POC详情 |
| 36 | Simple Vulnerability Checker Wrote by me "@TheCyberViking" and A fellow Researcher who wanted to be left Nameless... you know who you are you beautiful bitch | https://github.com/TheCyberViking/CVE-2020-5902-Vuln-Checker | POC详情 |
| 37 | Exploits for CVE-2020-5902 POC | https://github.com/itsjeffersonli/CVE-2020-5902 | POC详情 |
| 38 | Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities. | https://github.com/MrCl0wnLab/checker-CVE-2020-5902 | POC详情 |
| 39 | 批量检测CVE-2020-5902 | https://github.com/qiong-qi/CVE-2020-5902-POC | POC详情 |
| 40 | F5 BIG-IP RCE CVE-2020-5902 automatic check tool | https://github.com/theLSA/f5-bigip-rce-cve-2020-5902 | POC详情 |
| 41 | CVE-2020-5902 | https://github.com/Al1ex/CVE-2020-5902 | POC详情 |
| 42 | None | https://github.com/freeFV/CVE-2020-5902-fofa-scan | POC详情 |
| 43 | None | https://github.com/momika233/cve-2020-5902 | POC详情 |
| 44 | GUI | https://github.com/rockmelodies/CVE-2020-5902-rce-gui | POC详情 |
| 45 | Mass exploit for CVE-2020-5902 | https://github.com/5l1v3r1/CVE-2020-5902-Mass | POC详情 |
| 46 | None | https://github.com/f5devcentral/cve-2020-5902-ioc-bigip-checker | POC详情 |
| 47 | A network detection package for CVE-2020-5902, a CVE10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices. | https://github.com/corelight/CVE-2020-5902-F5BigIP | POC详情 |
| 48 | Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3 | https://github.com/PushpenderIndia/CVE-2020-5902-Scanner | POC详情 |
| 49 | [CVE-2020-5902] F5 BIG-IP Remote Code Execution (RCE) | https://github.com/murataydemir/CVE-2020-5902 | POC详情 |
| 50 | None | https://github.com/superzerosec/cve-2020-5902 | POC详情 |
| 51 | (CVE-2020-5902) BIG IP F5 TMUI RCE Vulnerability RCE PoC/ Test Script | https://github.com/ludy-dev/BIG-IP-F5-TMUI-RCE-Vulnerability | POC详情 |
| 52 | simple bash script of F5 BIG-IP TMUI Vulnerability CVE-2020-5902 checker | https://github.com/faisalfs10x/F5-BIG-IP-CVE-2020-5902-shodan-scanner | POC详情 |
| 53 | Auto exploit RCE CVE-2020-5902 | https://github.com/haisenberg/CVE-2020-5902 | POC详情 |
| 54 | BIGIP CVE-2020-5902 Exploit POC and automation scanning vulnerability | https://github.com/z3n70/CVE-2020-5902 | POC详情 |
| 55 | None | https://github.com/amitlttwo/CVE-2020-5902 | POC详情 |
| 56 | Exploits for CVE-2020-5902 POC | https://github.com/flyopenair/CVE-2020-5902 | POC详情 |
| 57 | A simple workflow that runs all BigIP related nuclei templates on a given target. | https://github.com/projectdiscovery/nuclei-templates/blob/main/workflows/bigip-workflow.yaml | POC详情 |
| 58 | F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-5902.yaml | POC详情 |
| 59 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/F5%20BIG-IP%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2020-5902.md | POC详情 |
| 60 | CVE-2020-5902 | https://github.com/B1ack4sh/Blackash-CVE-2020-5902 | POC详情 |
| 61 | CVE-2020-5902 | https://github.com/Ashwesker/Blackash-CVE-2020-5902 | POC详情 |
| 62 | Script para validar CVE-2020-5902 hecho en Go. | https://github.com/DeepSecurity-Pe/GoF5-CVE-2020-5902 | POC详情 |
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2020-5902 的情报信息
请登录查看更多情报信息。
CVE-2020-5902 厂商安全公告 (2)
- https://www.kb.cert.org/vuls/id/290915third-party-advisory
CVE-2020-5902 公开利用代码 (5)
CVE-2020-5902 其他参考 (4)
同批安全公告 · n/a · 2020-07-01 · 共 43 条
| CVE-2020-7688 | 8.4 HIGH | mversion 操作系统命令注入漏洞 |
| CVE-2020-7689 | 5.9 MEDIUM | bcrypt 加密问题漏洞 |
| CVE-2020-12603 | Envoy 资源管理错误漏洞 | |
| CVE-2020-15471 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2020-15478 | Journal theme 信息泄露漏洞 | |
| CVE-2020-15472 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2020-15475 | Ntop nDPI 资源管理错误漏洞 | |
| CVE-2020-15476 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2020-15470 | ffjpeg 缓冲区错误漏洞 | |
| CVE-2020-15468 | Persian VIP Download Script SQL注入漏洞 | |
| CVE-2020-15474 | Ntop nDPI 缓冲区错误漏洞 | |
| CVE-2017-1712 | HCL Technologies Domino 加密问题漏洞 | |
| CVE-2017-1659 | HCL Technologies Notes 跨站脚本漏洞 | |
| CVE-2020-5900 | F5 NGINX Controller 跨站请求伪造漏洞 | |
| CVE-2020-5899 | F5 NGINX Controller 授权问题漏洞 | |
| CVE-2020-5901 | F5 NGINX Controller 跨站脚本漏洞 | |
| CVE-2020-13380 | Open Solutions for Education openSIS SQL注入漏洞 | |
| CVE-2020-13381 | Open Solutions for Education openSIS SQL注入漏洞 | |
| CVE-2020-8663 | Envoy 资源管理错误漏洞 | |
| CVE-2020-13382 | Open Solutions for Education openSIS 访问控制错误漏洞 |
显示前 20 条,共 43 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2020-5902
暂无评论