¡¾Îó²îͨ¸æ¡¿F5 BIG-IPí§Òâ´úÂëÖ´ÐÐÎó²î£¨CVE-2023-22374£©

Ðû²¼Ê±¼ä 2023-02-03

0x00 Îó²î¸ÅÊö

CVE   ID

CVE-2023-22374

·¢Ã÷ʱ¼ä

2023-02-03

Àà    ÐÍ

í§Òâ´úÂëÖ´ÐÐ

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

ËùÐèȨÏÞ

µÍ

¹¥»÷ÖØÆ¯ºó

¸ß

Óû§½»»¥

ÎÞ

PoC/EXP


ÔÚҰʹÓÃ


 

0x01 Îó²îÏêÇé

F5 NetworksÊÇÈ«Çò¹æÄ£ÄÚÓ¦Óý»¸¶ÍøÂ磨ADN£©ÁìÓòµÄ×ÅÃû³§ÉÌ£¬£¬£¬£¬£¬£¬£¬ÖÂÁ¦ÓÚ×ÊÖúÈ«Çò´óÐÍÆóÒµºÍЧÀÍÌṩÉÌʵÏÖÐéÄ⻯¡¢ÔÆÅÌËãºÍÎÞаµÄITӪҵЧÀÍ ¡£¡£¡£¡£

2ÔÂ1ÈÕ£¬£¬£¬£¬£¬£¬£¬F5Ðû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬£¬ÐÞ¸´ÁËBIG-IPÖеÄÒ»¸öí§Òâ´úÂëÖ´ÐÐÎó²î£¨CVE-2023-22374£©£¬£¬£¬£¬£¬£¬£¬ÆäCVSSv3ÆÀ·Ö×î¸ßΪ8.5£¬£¬£¬£¬£¬£¬£¬ÏÖÔÚ¸ÃÎó²îµÄϸ½ÚÒѹûÕæ ¡£¡£¡£¡£

F5 BIG-IP iControl SOAPÖб£´æÃûÌû¯×Ö·û´®Îó²î£¬£¬£¬£¬£¬£¬£¬¾­ÓÉÉí·ÝÑéÖ¤µÄÓû§¿ÉÒÔͨ¹ý BIG-IP ÖÎÀí¶Ë¿Ú»ò×ÔÉí IP µØµã¶Ô iControl SOAP ¾ÙÐÐÍøÂç»á¼û£¬£¬£¬£¬£¬£¬£¬´Ó¶øÔÚ iControl SOAP CGI Àú³ÌÉÏÔì³É¾Ü¾øÐ§ÀÍ (DoS) »ò¿ÉÄÜÖ´ÐÐí§ÒâϵͳÏÂÁî»ò´úÂ룻£»£»ÔÚBIG-IP×°±¸Ä£Ê½Ï£¬£¬£¬£¬£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄܵ¼Ö¿çÔ½Çå¾²½çÏß ¡£¡£¡£¡£

 

Ó°Ïì¹æÄ£

±ê×¼°²ÅÅģʽ¡¢×°±¸Ä£Ê½ÏµÄBIG-IP£¨ËùÓÐÄ£¿£¿£¿£¿£¿£¿£¿é£©£º

F5 BIG-IP 17.x£º17.0.0

F5 BIG-IP 16.x£º16.1.2.2 - 16.1.3

F5 BIG-IP 15.x£º15.1.5.1 - 15.1.8

F5 BIG-IP 14.x£º14.1.4.6 - 14.1.5

F5 BIG-IP 13.x£º13.1.5

 

0x02 Çå¾²½¨Òé

ÏÖÔÚ¸ÃÎó²îÔÝÎÞ¿ÉÓò¹¶ ¡£¡£¡£¡£¬£¬£¬£¬£¬£¬£¬µ« F5 ÌåÏÖ¿ÉÒÔʹÓù¤³ÌÐÞ²¹³ÌÐò£¨²»°ü¹Ü¿ÉÓÃÐÔ£©£¬£¬£¬£¬£¬£¬£¬¿É²Î¿¼£º

https://my.f5.com/manage/s/article/K4918

ÔÝʱ»º½â²½·¥£º

l  ×ñÕÕ×î¼Ñʵ¼ùÀ´±£»£»£»¤¶ÔBIG-IPϵͳµÄÖÎÀí½Ó¿ÚºÍ×ÔÉíIPµØµãµÄ»á¼û£¬£¬£¬£¬£¬£¬£¬½«ÓÐÖúÓÚ×î´óÏ޶ȵØïÔÌ­¹¥»÷Ãæ ¡£¡£¡£¡£

l  ¹ØÓÚ BIG-IP ϵͳ£¬£¬£¬£¬£¬£¬£¬ÏÞÖÆ¶ÔϵͳµÄ iControl SOAP API µÄ»á¼û£¬£¬£¬£¬£¬£¬£¬Ö»ÔÊÐíÊÜÐÅÈεÄÓû§ ¡£¡£¡£¡£ÈôÊDz»Ê¹Óà iControl SOAP API£¬£¬£¬£¬£¬£¬£¬Ôò¿ÉÒÔͨ¹ý½« iControl SOAP API µÄÔÊÐíÁбíÉèÖÃΪ¿ÕÁбíÀ´Õ¥È¡ËùÓлá¼û ¡£¡£¡£¡£Îª´Ë£¬£¬£¬£¬£¬£¬£¬ÇëÖ´ÐÐÒÔϲÙ×÷£º

1.ͨ¹ýÊäÈëÒÔÏÂÏÂÁîµÇ¼µ½TMOS Shell£¨tmsh£© ¡£¡£¡£¡£

tmsh

2.ÊäÈëÒÔÏÂÏÂÁî´ÓÔÊÐíµÄµØµãÁбíÖÐɾ³ýËùÓÐIPµØµã»òIPµØµã¹æÄ£ ¡£¡£¡£¡£

modify /sys icontrol-soap allow replace-all-with { }

3.ͨ¹ýÊäÈëÒÔÏÂÏÂÁîÀ´ÉúÑĸü¸Ä ¡£¡£¡£¡£

save /sys config

×¢ÖØ£º

×èÖ¹ iControl SOAP IP µØµã½«×èÖ¹½«ÐÂ×°±¸Ìí¼Óµ½×°±¸ÐÅÈÎ ¡£¡£¡£¡£

BIG-IQ²»ÊܸÃÎó²îÓ°Ïì ¡£¡£¡£¡£

 

0x03 ²Î¿¼Á´½Ó

https://my.f5.com/manage/s/article/K000130415

https://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2023-02-03

Ê×´ÎÐû²¼

 

0x05 ¸½Â¼

¼øºÚµ£±£Íø¼ò½é

¼øºÚµ£±£Íø½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ ¡£¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò» ¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¼øºÚµ£±£Íø´óÏ㬣¬£¬£¬£¬£¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬£¬£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË ¡£¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ ¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊÐ ¡£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬£¬£¬£¬£¬£¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·ÅÆ¶ø²»Ð¸Æð¾¢ ¡£¡£¡£¡£


¹ØÓÚ¼øºÚµ£±£Íø

¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÖ÷ÒªÕë¶ÔÖ÷ÒªÇå¾²Îó²îµÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвÇ鱨ºÍÇå¾²±¨¸æ ¡£¡£¡£¡£

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬£¬£¬£¬»ñȡȫÇò×îÐÂÇå¾²×ÊѶ£º

image.png