BugZero found this defect 2011 days ago.
4/26/2024
BIG-IP
BIG-IP TMOS
13.1.4.1
13.1.5
13.1.5.1
14.1.0
14.1.0.1
14.1.0.2
14.1.0.3
14.1.0.5
14.1.0.6
14.1.2
14.1.2.1
14.1.2.2
No fixed releases provided.
Severity: 3-Major

Symptoms
With the Administrator role, you have an option in TMUI to disable or restrict terminal access. If you disable or restrict access, the corresponding REST endpoint is neither disabled nor restricted.

Impact
Users with the Administrator role can obtain shell access via REST.

With terminal access disabled:
-- If you attempt to log in using SSH, you will not be able to do so.
-- If you make a POST request to the /mgmt/tm/util/bash endpoint with a body that includes a command to run, that command will be run.

With access to TMSH restricted:
-- If you make a POST request to the /mgmt/tm/util/bash endpoint with a body that includes a command to run, that command will be run.

Conditions
Use TMUI as the admin, or as a user with the Administrator role, and either of the following:
-- Disable terminal access.
-- Restrict access to TMSH.

Workaround
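Separately from any vendor workaround, the following is an added detection example (not from F5 or BugZero): because the terminal-access setting does not cover the REST endpoint, POST requests to /mgmt/tm/util/bash are worth reviewing in web access logs. The Apache combined log format, the sample lines, and the function names are assumptions made for this example.

```python
import posixpath
import re
from urllib.parse import unquote

BASH_ENDPOINT = "/mgmt/tm/util/bash"  # endpoint named in the defect record

# Assumption: log lines are in Apache combined log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation-range addresses, made-up users).
SAMPLE_LOG = [
    '192.0.2.10 - admin [26/Apr/2024:10:01:02 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 312 "-" "curl/8.0"',
    '192.0.2.10 - admin [26/Apr/2024:10:01:09 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 200 950 "-" "curl/8.0"',
    '192.0.2.44 - opsuser [26/Apr/2024:10:03:40 +0000] "POST /mgmt//tm/util/bash/?a=1 HTTP/1.1" 200 290 "-" "python-requests/2.31"',
    '192.0.2.44 - opsuser [26/Apr/2024:10:03:55 +0000] "GET /mgmt/tm/util/bash HTTP/1.1" 405 120 "-" "python-requests/2.31"',
    '198.51.100.7 - - [26/Apr/2024:10:07:13 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 401 88 "-" "curl/8.0"',
]

def normalize_path(target):
    """Reduce a request target to a canonical path for comparison."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query and fragment
    path = unquote(path)                              # decode %xx escapes
    # Force a single leading slash: normpath preserves a leading "//".
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path.lower()  # conservative: compare case-insensitively

def find_bash_posts(lines):
    """Return one record per POST to the bash endpoint, in log order."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) != BASH_ENDPOINT:
            continue
        status = int(m["status"])
        hits.append({
            "src": m["src"], "user": m["user"], "time": m["ts"],
            "status": status,
            "accepted": 200 <= status < 300,  # server processed the request
        })
    return hits

if __name__ == "__main__":
    for hit in find_bash_posts(SAMPLE_LOG):
        print(hit)
```

Records with "accepted" set to True are the ones to correlate against accounts whose terminal access was disabled or restricted to TMSH.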