CVE-2020-5902 PoC — F5 BIG-IP Path Traversal Vulnerability

Associated Vulnerability
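Title: F5 BIG-IP Path Traversal Vulnerability (CVE-2020-5902)
Description: F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. A path traversal vulnerability exists in F5 BIG-IP. An attacker can exploit it to execute arbitrary system commands, create or delete files, disable services, or execute arbitrary Java code, potentially compromising the system completely. The following products and versions are affected: F5 BIG-IP 15.1.0, 15.0.0, 14.1.0 through 14.1.2, 13.1.0 through 13.1.3, 12.1.0 through 12.1.5, and 11.6.1 through 11.6.5.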
Description
CVE-2020-5902
Readme
# 🔴 **CVE-2020-5902: Critical RCE in F5 BIG-IP** 🚨

![maxresdefault](https://github.com/user-attachments/assets/f7c369d2-478f-4b4f-b96b-6d3ba60b8bc2)

> *"Unauthenticated attackers can execute **arbitrary code** on your BIG-IP — **full compromise possible**!"* 😱

---

## 🎯 **Quick Summary**
- **Type**: Remote Code Execution (RCE) 💻
- **CVSS Score**: **9.8 / Critical** 🔥
- **Access**: **Unauthenticated** 🌐
- **Exploit**: Publicly available (Metasploit module) 🛠️
- **Status**: Actively exploited since **July 2020** ⚔️

---

## 🛡️ **Affected BIG-IP Modules**

<img width="1024" height="555" alt="_microsoftteams-image-36" src="https://github.com/user-attachments/assets/f9846de5-7711-43c6-846c-ab3763b6168e" />


| Module | Status |
|-------|--------|
| LTM, AAM, AFM | ❌ Vulnerable |
| Analytics, APM, ASM | ❌ Vulnerable |
| PEM, WebAccelerator | ❌ Vulnerable |
| **BIG-IQ / VE** | ✅ **Not Affected** |

---

## 📊 **Vulnerable Versions** (Patch **NOW**!)

| Version Range | Fixed In |
|---------------|----------|
| `15.1.0 – 15.1.0.5` | `15.1.0.6+` ✅ |
| `14.1.0 – 14.1.2.1` | `14.1.2.2+` ✅ |
| `13.1.0 – 13.1.3.3` | `13.1.3.4+` ✅ |
| `12.1.0 – 12.1.5.2` | `12.1.5.3+` ✅ |
| `11.6.1 – 11.6.5.2` | `11.6.5.3+` ✅ |

> **Only TMUI (port 443) exposed?** → Still **at risk** if unpatched! 🔓

---

## ⚡ **How Attackers Exploit It**

<img width="1200" height="782" alt="CVE-2020-5902-fig8" src="https://github.com/user-attachments/assets/0a223b86-95b7-45f0-9896-4af08481ca81" />


1. Send crafted HTTP request to `/tmui/` 🌐
2. Trigger directory traversal + RCE 🕳️
3. Run shell commands, delete files, or steal data 💾

> **Bypass Alert**: Early iRule mitigations were **quickly bypassed**! 🚫

---

## 🛑 **Immediate Actions**

![big-ip-1](https://github.com/user-attachments/assets/a0642a7f-6d63-4ea6-895c-3573f9c0c4f6)


| Action | Priority |
|-------|----------|
| **Upgrade to fixed version** | 🔥 **Critical** |
| Restrict TMUI to trusted IPs | 🔒 **High** |
| Block `/tmui/` via firewall | 🛑 **Medium (temporary)** |
| Scan with Nessus / Qualys | 🔍 **Now** |
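
An added example (not from the original README or from F5) that audits web-server access logs for the request pattern described above: any `/tmui/` request from outside the trusted management networks, and any `/tmui/` request whose path contains a dot-dot segment. The trusted network, the Apache-style log format and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management networks allowed to reach TMUI (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: Apache common/combined format: client, timestamp, request, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
10.20.0.15 - admin [05/Jul/2020:10:01:02 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4512
198.51.100.7 - - [05/Jul/2020:10:03:44 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4512
203.0.113.9 - - [05/Jul/2020:10:04:10 +0000] "GET /tmui/a/%2e%2e/b.jsp HTTP/1.1" 200 310
10.20.0.15 - admin [05/Jul/2020:10:05:00 +0000] "GET /favicon.ico HTTP/1.1" 200 900
"""

def has_traversal(raw_path):
    """True if a decoded path segment is '..' once path parameters are dropped."""
    decoded = unquote(unquote(raw_path.split("?", 1)[0]))  # also undo double encoding
    return any(s.split(";", 1)[0] == ".." for s in decoded.replace("\\", "/").split("/"))

def is_trusted(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or junk in the client field counts as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def audit(log_text):
    """Return (client, path, status, reasons) for each suspicious /tmui/ request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not unquote(m.group(3)).lower().startswith("/tmui/"):
            continue
        client, _method, path, status = m.groups()
        reasons = []
        if not is_trusted(client):
            reasons.append("untrusted-source")
        if has_traversal(path):
            reasons.append("traversal")
        if reasons:
            findings.append((client, path, int(status), reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A `traversal` finding with a 200 status on an unpatched device is the case to escalate first; `untrusted-source` alone shows that TMUI is reachable from networks it should not be.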

---

## 🔗 **Official Resources**
- [F5 Advisory (K52145254)](https://support.f5.com/csp/article/K52145254) 📜
- [NVD Detail](https://nvd.nist.gov/vuln/detail/CVE-2020-5902) 📋
- [CISA Alert](https://www.cisa.gov/news-events/alerts/2020/07/04/f5-releases-security-advisory-big-ip-tmui-rce-vulnerability-cve-2020-5902) 🚨

---

## ⏰ **Still Unpatched in 2025?**
> **You’re a prime target.**  
> Hackers scan for this **daily** with Shodan & mass exploits. 🕵️‍♂️

---

**Patch it. Lock it. Log it.**  
Your BIG-IP deserves better. 💪✨

File Snapshot

[4.0K] /data/pocs/ce1ea099967745c39d5da926f805b3e7f890944b
└── [2.7K] README.md

1 directory, 1 file