Operational Defect Database

BugZero found this defect 2011 days ago.

F5 | 737739

Bash shell still accessible for admin even if disabled

Last update date:

4/26/2024

Affected products:

BIG-IP

BIG-IP TMOS

Affected releases:

13.1.4.1

13.1.5

13.1.5.1

14.1.0

14.1.0.1

14.1.0.2

14.1.0.3

14.1.0.5

14.1.0.6

14.1.2

14.1.2.1

14.1.2.2

Fixed releases:

No fixed releases provided.

Description:

Severity: 3-Major

Symptoms

With the administrator role, you have an option in TMUI to disable or restrict terminal access. If you disable or restrict access, the corresponding REST endpoint is neither disabled nor restricted.

Impact

Users with the Administrator role can obtain shell access via REST.

With terminal access disabled:
-- If you attempt to log in using SSH, you will not be able to do so.
-- If you make a POST request to the /mgmt/tm/util/bash endpoint with a body that includes a command to run, that command will be run.

With access to TMSH restricted:
-- If you make a POST request to the /mgmt/tm/util/bash endpoint with a body that includes a command to run, that command will be run.

Conditions

Use TMUI as the admin, or as a user with the administrator role, and do either of the following:
-- Disable terminal access.
-- Restrict access to TMSH.

Workaround


Status

Resolved
