4 lines
No EOL
830 B
Text
4 lines
No EOL
830 B
Text
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance.
|
|
The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication and the “cmi” module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the f5 device.
|
|
|
|
Advisory: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/34465.pdf |