_______ ________ ___ ___ ___ ___ _____ ___ ___ ___
/ ____\ \ / / ____| |__ \ / _ \__ \ / _ \ | ____/ _ \ / _ \__ \
| | \ \ / /| |__ ______ ) | | | | ) | | | |______| |__| (_) | | | | ) |
| | \ \/ / | __|______/ /| | | |/ /| | | |______|___ \\__, | | | |/ /
| |____ \ / | |____ / /_| |_| / /_| |_| | ___) | / /| |_| / /_
\_____| \/ |______| |____|\___/____|\___/ |____/ /_/ \___/____|
CVE-2020-5902-Scanner.py
@nsflabs
The F5 BIG-IP Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability.
This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.
This is to test if a single remote system is vulnerable to cve-2020-5902.
$ git clone https://github.com/nsflabs/CVE-2020-5902.git
$ cd CVE-2020-5902/
$ pip3 install -r requirements.txt
$ python3 cve-2020-5902_scanner.py targetip targetport