'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_other:ft_big-ip_tmui_dir_traversal_and_rce_vul(Rule ID:1070310144)

Release Date2025/9/15

Rule NameF5 BIG-IP TMUI Directory Traversal and Remote Code Execution Vulnerability (CVE-2020-5902)

Severity:critical

CVE IDCVE-2020-5902

 

Descripiton

F5 BIG-IP is an application delivery platform of American F5 company that integrates network traffic management, application security management, load balancing and other functions. There are security vulnerabilities in F5 BIG-IP. Attackers can use this vulnerability to execute arbitrary system commands, create or delete files, close services/execute arbitrary Java code, and may completely invade the system. The following products and versions are affected: F5 BIG-IP version 15.1.0, version 15.0.0, version 14.1.0 to version 14.1.2, version 13.1.0 to version 13.1.3, version 12.1.0 to version 12.1.5 , Version 11.6.1 to version 11.6.5. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.