F5 Networks BIG-IP : F5 tmsh vulnerability (K40378764)

high Nessus Plugin ID 127498

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell ( tmsh )interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp .
(CVE-2019-6642)

Impact

BIG-IP,BIG-IQ, F5 iWorkflow, and Enterprise Manager

The affected systemsare incidentally protected against direct access to the Advanced Shell ( bash ); however, users who can upload an executable file (or script) can bypass this protection.

Traffix SDC

There is no impact for this productas itisnot affected by this vulnerability.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K40378764.

See Also

https://my.f5.com/manage/s/article/K40378764

Plugin Details

Severity: High

ID: 127498

File Name: f5_bigip_SOL40378764.nasl

Version: 1.6

Type: local

Published: 8/12/2019

Updated: 11/3/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2019-6642

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_domain_name_system, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_webaccelerator

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/27/2019

Vulnerability Publication Date: 7/1/2019

Reference Information

CVE: CVE-2019-6642