Checker CVE-2020-5902: BIG-IP Versions Suffer From Traffic Management User Interface (TMUI) Arbitrary File Read And C ommand Execution Vulnerabilities

Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities.

 + Autor: MrCl0wn
 + Blog: http://blog.mrcl0wn.com
 + GitHub: https://github.com/MrCl0wnLab
 + Twitter: https://twitter.com/MrCl0wnLab
 + Email: mrcl0wnlab\@\gmail.com

REF BIG-IP TMUI Remote Code Execution
https://engineeringjobs4u.co.uk/helping-to-protect-against-the-f5-tmui-rce-vulnerability https://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902

Warning

+------------------------------------------------------------------------------+
|  [!] Legal disclaimer: Usage of checker-CVE-2020-5902 for attacking          |
|  targets without prior mutual consent is illegal.                            |
|  It is the end user's responsibility to obey all applicable                  | 
|  local, state and federal laws.                                              |
|  Developers assume no liability and are not responsible for any misuse or    |
|  damage caused by this program                                               |
+------------------------------------------------------------------------------+

IP Scan / Range

Usage

$ python3.8 checker.py <ip_start> <ip_end>
$ python3.8 checker.py 192.168.15.1 192.168.15.86

Output

output.log
error.log

Download checker-CVE-2020-5902