Vulnerabilities > CVE-2020-5858 - Unspecified vulnerability in F5 products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.
Vulnerable Configurations
Nessus
| NASL family | F5 Networks Local Security Checks |
| NASL id | F5_BIGIP_SOL36814487.NASL |
| description | Users with non-administrator roles (for example, Guest or Resource Administrator)with TMOS Shell ( tmsh ) access can run arbitrary commands with elevated privilege using a crafted tmsh command.(CVE-2020-5858) Impact BIG-IP andBIG-IQ This vulnerability allows unauthorized privileges to authenticated non-administrator users who have tmsh access. Traffix SDC There is no impact; these F5 products are not affected by this vulnerability. |
| last seen | 2020-04-04 |
| modified | 2020-03-27 |
| plugin id | 134958 |
| published | 2020-03-27 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/134958 |
| title | F5 Networks BIG-IP : BIG-IP tmsh vulnerability (K36814487) |