CVE-2020-5858 : Security Advisory and Response

A privilege escalation vulnerability affecting BIG-IP and BIG-IQ products allows non-administrator users to execute arbitrary commands with elevated privileges.

Understanding CVE-2020-5858

What is CVE-2020-5858?

CVE-2020-5858 affects BIG-IP versions 11.5.2-11.6.5.1, 12.1.0-12.1.5, 13.1.0-13.1.3.2, 14.1.0-14.1.2.2, and 15.0.0-15.0.1.2, as well as BIG-IQ versions 5.2.0-5.4.0, 6.0.0-6.1.0, and 7.0.0. On these versions, users in non-administrator roles can run commands with elevated privileges.

The Impact of CVE-2020-5858

The vulnerability enables users with non-administrator roles to execute arbitrary commands using tmsh shell access, potentially leading to unauthorized actions and data breaches.

Technical Details of CVE-2020-5858

Vulnerability Description

Users with non-administrator roles on affected versions can exploit the vulnerability by crafting tmsh commands to gain elevated privileges.

Affected Systems and Versions

        BIG-IP versions 11.5.2-11.6.5.1, 12.1.0-12.1.5, 13.1.0-13.1.3.2, 14.1.0-14.1.2.2, 15.0.0-15.0.1.2
        BIG-IQ versions 5.2.0-5.4.0, 6.0.0-6.1.0, 7.0.0
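
To triage an inventory against the ranges listed above, the following added example (not code from F5 or from this advisory) compares dotted version strings numerically. The function names and the sample inventory are hypothetical, and it assumes a three-part bound such as 12.1.5 means 12.1.5.0.

```python
# Added example; ranges copied from the "Affected Systems and Versions" list.
AFFECTED = {
    "BIG-IP": [("11.5.2", "11.6.5.1"), ("12.1.0", "12.1.5"),
               ("13.1.0", "13.1.3.2"), ("14.1.0", "14.1.2.2"),
               ("15.0.0", "15.0.1.2")],
    "BIG-IQ": [("5.2.0", "5.4.0"), ("6.0.0", "6.1.0"), ("7.0.0", "7.0.0")],
}


def parse_version(text):
    """Parse '14.1.2.2' into (14, 1, 2, 2), zero-padded to four parts."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def is_listed_affected(product, version):
    """True if version falls inside a range the advisory lists for product."""
    if product not in AFFECTED:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED[product])


def triage(inventory):
    """Split (host, product, version) rows into affected / not_listed / unparsed."""
    result = {"affected": [], "not_listed": [], "unparsed": []}
    for host, product, version in inventory:
        try:
            key = "affected" if is_listed_affected(product, version) else "not_listed"
        except ValueError:
            key = "unparsed"  # needs a manual look, never assume safe
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("lb-edge-01", "BIG-IP", "14.1.2.2"),
    ("lb-edge-02", "BIG-IP", "14.1.2.3"),
    ("lb-core-01", "BIG-IP", "12.1.5.1"),
    ("mgmt-01", "BIG-IQ", "6.0.1"),
    ("lb-lab-01", "BIG-IP", "15.0.1-hf2"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A "not_listed" result only means the version is outside the ranges quoted on this page; confirm against the vendor advisory before treating a host as fixed.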

Exploitation Mechanism

Non-administrator users with tmsh shell access can execute specially crafted commands that grant them elevated privileges.

Mitigation and Prevention

Immediate Steps to Take

        Restrict tmsh shell access for non-administrator roles
        Monitor and audit tmsh commands for unusual activities

Long-Term Security Practices

        Regularly review and update user roles and permissions
        Implement least privilege access controls

Patching and Updates

Apply vendor-released patches and updates to mitigate the vulnerability.
