Nov. 14, 2023, 1:11 a.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell (TMSH). The escape may not be reliable, and you may have to run the exploit multiple times. Versions 11.6.1-11.6.5, 12.1.0-12.1.5, 13.1.0-13.1.3, 14.1.0-14.1.2, 15.0.0, and 15.1.0 are known to be vulnerable. Fixes were introduced in 11.6.5.2, 12.1.5.2, 13.1.3.4, 14.1.2.6, and 15.1.0.4. …

access big big-ip code code execution directory directory traversal escape exploits file file upload interface management may metasploit restricted root script shell shell script traffic traffic management unix upload user interface

Information Security Engineers

@ D. E. Shaw Research | New York City

Security Operations Analyst | Connected Technology Group

@ KPMG Australia | Melbourne, Australia

Database Security Engineer Lead, Vice President

@ MUFG | Tampa - 4050 West Boy Scout Blvd.

Consultant, Offensive Security, Cyber Risk

@ Kroll | New Delhi, India

Ethical hacker / Pentester H/F

@ Hifield | Sèvres, France

Digital Trust Cyber Transformation Consultant

@ KPMG India | Mumbai, Maharashtra, India