【Vulnerability Advisory】F5 BIG-IP Arbitrary Code Execution Vulnerability (CVE-2023-22374)
Published: 2023-02-03
0x00 Vulnerability Overview
CVE ID | CVE-2023-22374 | Discovered | 2023-02-03 |
Type | Arbitrary code execution | Severity | High |
Remotely exploitable | Yes | Privileges required | Low |
Attack complexity | High | User interaction | None |
PoC/EXP | | In-the-wild exploitation | |
0x01 Vulnerability Details
F5 Networks is a well-known vendor in the global Application Delivery Networking (ADN) market, focused on helping large enterprises and service providers worldwide deliver virtualized, cloud-based and agile IT business services.
On February 1, F5 published a security advisory addressing an arbitrary code execution vulnerability in BIG-IP (CVE-2023-22374) with a CVSSv3 score of up to 8.5. Details of the vulnerability are now public.
The F5 BIG-IP iControl SOAP interface contains a format string vulnerability. An authenticated user with network access to iControl SOAP through the BIG-IP management port and/or self IP addresses can cause a denial of service (DoS) of the iControl SOAP CGI process, or possibly execute arbitrary system commands or code. In BIG-IP Appliance mode, successful exploitation may allow an attacker to cross a security boundary. Note that exploitation requires a valid BIG-IP account (privileges required: low), so the realistic exposure is any account, including a compromised low-privilege one, that can reach the iControl SOAP interface.
Affected Versions
BIG-IP in standard deployment mode and Appliance mode (all modules):
F5 BIG-IP 17.x: 17.0.0
F5 BIG-IP 16.x: 16.1.2.2 - 16.1.3
F5 BIG-IP 15.x: 15.1.5.1 - 15.1.8
F5 BIG-IP 14.x: 14.1.4.6 - 14.1.5
F5 BIG-IP 13.x: 13.1.5
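To turn the version list above into a check you can run over the output of `tmsh show /sys version` collected from each device, here is an added Python example. It is not part of the advisory and not F5 code. The ranges are copied from the list above; the matching rule is an assumption: bounds are inclusive, and an upper bound written with three fields, such as 16.1.3, is read as covering its 16.1.3.x point releases. Confirm borderline cases against the table in F5's K000130415 article.

```python
# Added example: classify BIG-IP version strings against the affected ranges
# listed in this advisory for CVE-2023-22374. Not F5 code. The matching rule
# (inclusive bounds; a short upper bound covers its point releases) is an
# assumption that should be confirmed against the vendor's own table.

# (first affected, last affected), copied from the advisory's list
AFFECTED_RANGES = [
    ("17.0.0", "17.0.0"),
    ("16.1.2.2", "16.1.3"),
    ("15.1.5.1", "15.1.8"),
    ("14.1.4.6", "14.1.5"),
    ("13.1.5", "13.1.5"),
]


def parse_version(text):
    """'16.1.2.2' -> (16, 1, 2, 2); shorter strings are zero-padded to 4 fields.

    Also accepts 'BIG-IP 16.1.2.2' or '16.1.2.2 Build 0.0.3' by taking the
    first dotted-number token.
    """
    for token in text.split():
        if token[0].isdigit():
            parts = [int(p) for p in token.split(".")]
            if not 1 <= len(parts) <= 4:
                raise ValueError("unexpected BIG-IP version: %r" % text)
            return tuple(parts + [0] * (4 - len(parts)))
    raise ValueError("no version number in %r" % text)


def _at_or_after(version, lower):
    return version >= parse_version(lower)


def _at_or_before(version, upper):
    # Compare only as many fields as the upper bound spells out, so that
    # "16.1.3" also covers 16.1.3.1, 16.1.3.2, ... (assumption, see above).
    fields = upper.count(".") + 1
    return version[:fields] <= parse_version(upper)[:fields]


def is_affected(version_text):
    """True if the version lies inside any listed affected range."""
    v = parse_version(version_text)
    return any(_at_or_after(v, lo) and _at_or_before(v, hi)
               for lo, hi in AFFECTED_RANGES)


def triage(version_texts):
    """Map each input string to 'affected' or 'not listed' (i.e. not in the
    advisory's ranges; it does not mean the vendor considers it fixed)."""
    return {t: ("affected" if is_affected(t) else "not listed") for t in version_texts}


if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    fleet = ["16.1.2.1", "16.1.2.2", "16.1.3.1", "17.0.0", "17.1.0", "15.1.8", "13.1.4"]
    for ver, verdict in triage(fleet).items():
        print(f"{ver:10s} {verdict}")
```

A version reported as "not listed" only means it is outside the ranges this advisory prints; versions released after the advisory must be checked against the vendor's current table.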
0x02 Security Recommendations
No patch is available at the time of writing, but F5 states that an engineering hotfix can be requested (availability is not guaranteed); see:
https://my.f5.com/manage/s/article/K4918
Temporary mitigations:
- Follow best practices to protect access to the BIG-IP management interface and self IP addresses; this minimizes the attack surface.
- On BIG-IP systems, restrict access to the iControl SOAP API to trusted users only. If the iControl SOAP API is not used, block all access by setting its allow list to an empty list. To do so:
1. Log in to the TMOS Shell (tmsh) by entering the following command:
tmsh
2. Enter the following command to remove all IP addresses and IP address ranges from the allowed address list:
modify /sys icontrol-soap allow replace-all-with { }
3. Save the change by entering the following command:
save /sys config
Note:
Blocking all iControl SOAP IP addresses also prevents adding new devices to the device trust, so apply this only where iControl SOAP is genuinely unused, and re-verify the allow list after any configuration restore.
BIG-IQ is not affected by this vulnerability.
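To verify the mitigation above across a fleet rather than one box at a time, the following added Python example parses saved output of `tmsh list /sys icontrol-soap` and reports whether the allow list is empty. It is not F5 code and not part of the advisory. It assumes tmsh renders the property as `allow { entry entry ... }`, or `allow none` when it is empty, and that the literal `all` means no source restriction; the sample outputs are constructed. The "trusted network" screen (RFC 1918, ULA and loopback space) is a rough heuristic, not F5's definition of a trusted source.

```python
# Added example, not from the advisory or from F5: audit saved
# `tmsh list /sys icontrol-soap` output to confirm the CVE-2023-22374 mitigation
# (an empty iControl SOAP allow list). Assumptions: tmsh renders the property as
# `allow { e1 e2 ... }`, or `allow none` when it is empty, and the literal `all`
# means no source restriction. The trusted networks below are RFC1918/ULA and
# loopback, a rough screen only; adjust to your management network plan.
import ipaddress
import re

_ALLOW_RE = re.compile(r"\ballow\s+(?:\{(?P<body>[^}]*)\}|(?P<none>none)\b)")

_TRUSTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128",
)]


def parse_allow_list(tmsh_output):
    """Return the allow-list entries (addresses, CIDRs or 'all') as strings."""
    m = _ALLOW_RE.search(tmsh_output)
    if m is None:
        raise ValueError("no 'allow' property found in tmsh output")
    if m.group("none") is not None:
        return []
    return m.group("body").split()


def _inside_trusted(entry):
    """True if the entry parses as an address/CIDR fully inside a trusted net."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False
    return any(net.version == t.version and net.subnet_of(t) for t in _TRUSTED)


def risky_entries(entries):
    """Entries that leave iControl SOAP reachable from outside trusted space:
    'all', unparsable entries, and public or unknown networks."""
    return [e for e in entries if e == "all" or not _inside_trusted(e)]


def assess(tmsh_output):
    """'mitigated' (empty list), 'restricted' (only trusted entries) or 'exposed'."""
    entries = parse_allow_list(tmsh_output)
    if not entries:
        return "mitigated"
    return "exposed" if risky_entries(entries) else "restricted"


# Constructed sample outputs (not captured from a real device).
BEFORE = "sys icontrol-soap {\n    allow { 10.0.0.0/8 0.0.0.0/0 }\n}\n"
AFTER = "sys icontrol-soap {\n    allow none\n}\n"
DEFAULT = "sys icontrol-soap {\n    allow { all }\n}\n"

if __name__ == "__main__":
    for label, out in (("before", BEFORE), ("after", AFTER), ("default", DEFAULT)):
        print(f"{label:8s} {assess(out):10s} risky={risky_entries(parse_allow_list(out))}")
```

Feed it the output saved from each device (for example via SSH) and treat anything other than "mitigated" on a device that does not use iControl SOAP as a failed rollout.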
0x03 References
https://my.f5.com/manage/s/article/K000130415
https://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/
0x04 Version History
Version | Date | Changes |
V1.0 | 2023-02-03 | Initial release |
0x05 Appendix
鉴黑担保网 Company Profile
鉴黑担保网 was founded in 1996 by Dr. Yan Wangjia, who holds a doctorate from the United States. It is an information security technology company with fully independent intellectual property, and one of the leading domestic providers of information security products and security service solutions.
The company is headquartered in the 鉴黑担保网 Building in Zhongguancun Software Park, Beijing, and has more than 6,000 employees, including an R&D team of over 1,200 and a technical services team of over 1,300. It operates more than sixty branch offices across China's provinces, municipalities and autonomous regions, with nationwide sales, channel and technical support networks. The company was listed on the Shenzhen SME Board on June 23, 2010 (stock code: 002439).
For many years, 鉴黑担保网 has been committed to providing internationally competitive, independently developed security products and best-practice services, helping customers comprehensively improve the security and productivity of their IT infrastructure, and working to build a leading national information security brand with international reach.
About 鉴黑担保网
The 鉴黑担保网 Security Emergency Response Center focuses on early warning and tracking of major security vulnerabilities and on sharing the latest global threat intelligence and security reports.