Vulnerability BDU:2025-02003 - Russian Vulnerability Scanner Database

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

8.8high3.x

0246810

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x

8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

Уязвимость утилиты конфигурации TMOS Shell (tmsh) интерфейса IControl REST редства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe существует из-за непринятия мер по нейтрализации специальных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнять произвольные команды

Sources

bdu

Related Vulnerabilities

CVE-2025-20029

Exploits

Exploit ID: CVE-2025-20029

Source: github-poc

URL: https://github.com/schoi1337/CVE-2025-20029-simulation

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-20029

https://my.f5.com/manage/s/article/K000148587

https://github.com/mbadanoiu/CVE-2025-20029?tab=readme-ov-file

https://github.com/mbadanoiu/CVE-2025-20029/blob/main/F5%20-%20CVE-2025-20029.pdf

Recommendations

Source: bdu

Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.

Компенсирующие меры:
- использование «белого» списка IP-адресов для организации доступа к уязвимому программному обеспечению;
- блокирование доступа к утилите tmsh;
- ограничение доступа к интерфейсу IControl REST;
- использование средств обнаружения и предотвращения вторжений для контроля сетевого трафика по 22 , 443 и 8443 TCP-портам;
- отключение/удаление неиспользуемых учётных записей пользователей;
- минимизация пользовательских привилегий.

Использование рекомендаций производителя:
https://my.f5.com/manage/s/article/K000148587

URL: https://bdu.fstec.ru/vul/2025-02003

Vulnerable Software (57)

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip access policy manager

Operating System: * *

Trait:

{  "version_end_excluding": "17.2.1"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip access policy manager

Operating System: * *

Trait:

{  "version_end_excluding": "16.1.5.2"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip access policy manager

Operating System: * *

Trait:

{  "version_end_excluding": "15.1.10.6"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip advanced firewall manager

Operating System: * *

Trait:

{  "version_end_excluding": "17.1.2.1"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip advanced firewall manager

Operating System: * *

Trait:

{  "version_end_excluding": "16.1.5.2"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip advanced firewall manager

Operating System: * *

Trait:

{  "version_end_excluding": "15.1.10.6"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip advanced web application firewall

Operating System: * *

Trait:

{  "version_end_excluding": "17.1.2.1"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip advanced web application firewall

Operating System: * *

Trait:

{  "version_end_excluding": "16.1.5.2"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip advanced web application firewall

Operating System: * *

Trait:

{  "version_end_excluding": "15.1.10.6"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip analytics

Operating System: * *

Trait:

{  "version_end_excluding": "15.1.10.6"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip analytics

Operating System: * *

Trait:

{  "version_end_excluding": "17.1.2.1"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip analytics

Operating System: * *

Trait:

{  "version_end_excluding": "16.1.5.2"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application acceleration manager

Operating System: * *

Trait:

{  "version_end_excluding": "15.1.10.6"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application acceleration manager

Operating System: * *

Trait:

{  "version_end_excluding": "17.1.2.1"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application acceleration manager

Operating System: * *

Trait:

{  "version_end_excluding": "16.1.5.2"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application security manager

Operating System: * *

Trait:

{  "version_end_excluding": "16.1.5.2"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application security manager

Operating System: * *

Trait:

{  "version_end_excluding": "15.1.10.6"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application security manager

Operating System: * *

Trait:

{  "version_end_excluding": "17.1.2.1"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application visibility and reporting (avr)

Operating System: * *

Trait:

{  "version_end_excluding": "17.1.2.1"}

Source: bdu

Type: Configuration

Vendor: f5 networks, inc.

Product: big-ip application visibility and reporting (avr)

Operating System: * *

Trait:

{  "version_end_excluding": "16.1.5.2"}

Source: bdu

Russian Vulnerability Scanner Database

BDU:2025-02003

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Exploits

Reference Links

Recommendations

Vulnerable Software (57)