CVE-2022-26340 - Incorrect Permission Assignment for Critical Resource

Severity

49%

Complexity

12%

Confidentiality

60%

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.1 Base Score 4.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Demo Examples

Incorrect Permission Assignment for Critical Resource

CWE-732

The following code sets the umask of the process to 0 before creating a file and writing "Hello world" into the file.


               
}/* Ignore CWE-59 (link following) for brevity */
fclose(out);

After running this program on a UNIX system, running the "ls -l" command might return the following output:


               
-rw-rw-rw- 1 username 13 Nov 24 17:58 hello.out

The "rw-rw-rw-" string indicates that the owner, group, and world (all users) can read the file and write to it.

Incorrect Permission Assignment for Critical Resource

CWE-732

This code creates a home directory for a new user, and makes that user the owner of the directory. If the new directory cannot be owned by the user, the directory is deleted.


               
}
return true;
return false;
return false;

Because the optional "mode" argument is omitted from the call to mkdir(), the directory is created with the default permissions 0777. Simply setting the new user as the owner of the directory does not explicitly change the permissions of the directory, leaving it with the default. This default allows any user to read and write to the directory, allowing an attack on the user's files. The code also fails to change the owner group of the directory, which may result in access by unexpected groups.

This code may also be vulnerable to Path Traversal (CWE-22) attacks if an attacker supplies a non alphanumeric username.

Incorrect Permission Assignment for Critical Resource

CWE-732

The following code snippet might be used as a monitor to periodically record whether a web site is alive. To ensure that the file can always be modified, the code uses chmod() to make the file world-writable.


               
close($outFH);
chmod 0777, $fileName;
ExitError("Couldn't append to $fileName: $!");

The first time the program runs, it might create a new file that inherits the permissions from its environment. A file listing might look like:


               
-rw-r--r-- 1 username 13 Nov 24 17:58 secretFile.out

This listing might occur when the user has a default umask of 022, which is a common setting. Depending on the nature of the file, the user might not have intended to make it readable by everyone on the system.

The next time the program runs, however - and all subsequent executions - the chmod will set the file's permissions so that the owner, group, and world (all users) can read the file and write to it:


               
-rw-rw-rw- 1 username 13 Nov 24 17:58 secretFile.out

Perhaps the programmer tried to do this because a different process uses different permissions that might prevent the file from being updated.

Incorrect Permission Assignment for Critical Resource

CWE-732

The following command recursively sets world-readable permissions for a directory and all of its children:


               
chmod -R ugo+r DIRNAME

If this command is run from a program, the person calling the program might not expect that all the files under the directory will be world-readable. If the directory is expected to contain private data, this could become a security problem.

Overview

Type

F5

First reported 2 years ago

2022-05-05 17:15:00

Last updated 2 years ago

2022-05-13 15:32:00

Affected Software

F5 Networks BIG-IP Local Traffic Manager 11.6.1

11.6.1

F5 Big-IP Local Traffic Manager (LTM) 12.1.2

12.1.2

F5 BIG-IP Advanced Firewall Manager (AFM) 12.1.0

12.1.0

F5 Big-IP Access Policy Manager (APM) 12.1.2

12.1.2

F5 Networks BIG-IP Global Traffic Manager 11.6.1

11.6.1

F5 Big-IP Domain Name System (DNS) 12.1.2

12.1.2

F5 BIG-IP Policy Enforcement Manager (PEM) 12.1.1

12.1.1

F5 Big-IP Policy Enforcement Manager (PEM) 12.1.2

12.1.2

F5 Big-IP Advanced Firewall Manager (AFM) 12.1.2

12.1.2

F5 BIG-IP Application Security Manager (ASM) 12.1.1

12.1.1

F5 BIG-IP Access Policy Manager (APM) 12.1.0

12.1.0

F5 BIG-IP Access Policy Manager (APM) 12.1.1

12.1.1

F5 Networks BIG-IP Advanced Firewall Manager 11.6.1

11.6.1

F5 BIG-IP Advanced Firewall Manager (AFM) 12.1.1

12.1.1

F5 Networks BIG-IP Analytics 11.6.1

11.6.1

F5 BIG-IP Analytics 12.1.0

12.1.0

F5 Big-IP Analytics 12.1.2

12.1.2

F5 Networks BIG-IP Application Acceleration Manager 11.6.1

11.6.1

F5 Networks BIG-IP Application Acceleration Manager 12.1.0

12.1.0

F5 BIG-IP Application Acceleration Manager (AAM) 12.1.1

12.1.1

F5 Big-IP Application Acceleration Manager (AAM) 12.1.2

12.1.2

F5 Networks BIG-IP Application Security Manager 11.6.1

11.6.1

F5 BIG-IP Application Security Manager (ASM) 12.1.0

12.1.0

F5 BIG-IP Domain Name System (DNS) 12.1.0

12.1.0

F5 Networks BIG-IP Link Controller 11.6.1

11.6.1

F5 BIG-IP Link Controller 12.1.0

12.1.0

F5 BIG-IP Link Controller 12.1.1

12.1.1

F5 Big-IP Link Controller 12.1.2

12.1.2

F5 BIG-IP Local Traffic Manager (LTM) 12.1.0

12.1.0

F5 Networks BIG-IP Policy Enforcement Manager 11.6.1

11.6.1

F5 Networks BIG-IP Access Policy Manager 11.6.1

11.6.1

F5 Big-IP Access Policy Manager (APM) 13.1.0

13.1.0

F5 BIG-IP Access Policy Manager (APM) 14.1.0

14.1.0

F5 Big-IP Advanced Firewall Manager (AFM) 13.1.0

13.1.0

F5 BIG-IP Advanced Firewall Manager 14.1.0

14.1.0

F5 BIG-IP Advanced Firewall Manager (AFM) 15.1.0

15.1.0

F5 BIG-IP Analytics 12.1.1

12.1.1

F5 Big-IP Analytics 13.1.0

13.1.0

F5 BIG-IP Analytics 14.1.0

14.1.0

F5 Big-IP Application Acceleration Manager (AAM) 13.1.0

13.1.0

F5 BIG-IP Application Acceleration Manager 14.1.0

14.1.0

F5 BIG-IP Application Acceleration Manager (AAM) 15.1.0

15.1.0

F5 Big-IP Application Security Manager (ASM) 12.1.2

12.1.2

F5 Big-IP Application Security Manager (ASM) 13.1.0

13.1.0

F5 BIG-IP Application Security Manager 14.1.0

14.1.0

F5 BIG-IP Domain Name System 11.6.1

11.6.1

F5 BIG-IP Domain Name System (DNS) 12.1.1

12.1.1

F5 Big-IP Domain Name System (DNS) 13.1.0

13.1.0

F5 BIG-IP Domain Name System 14.1.0

14.1.0

F5 Big-IP Fraud Protection Service (FPS) 11.6.1

11.6.1

F5 Big-IP Fraud Protection Service (FPS) 12.1.0

12.1.0

F5 Big-IP Fraud Protection Service (FPS) 13.1.0

13.1.0

F5 BIG-IP Fraud Protection Service 14.1.0

14.1.0

F5 BIG-IP Global Traffic Manager 12.1.0

12.1.0

F5 BIG-IP Global Traffic Manager 12.1.1

12.1.1

F5 BIG-IP Global Traffic Manager 12.1.2

12.1.2

F5 Big-IP Global Traffic Manager (GTM) 13.1.0

13.1.0

F5 BIG-IP Global Traffic Manager 14.1.0

14.1.0

F5 Big-IP Link Controller 13.1.0

13.1.0

F5 BIG-IP Link Controller 14.1.0

14.1.0

F5 BIG-IP Local Traffic Manager (LTM) 12.1.1

12.1.1

F5 Big-IP Local Traffic Manager (LTM) 13.1.0

13.1.0

F5 BIG-IP Local Traffic Manager 14.1.0

14.1.0

F5 BIG-IP Local Traffic Manager (LTM) 15.1.0

15.1.0

F5 Networks BIG-IP Policy Enforcement Manager (PEM) 11.6.2

11.6.2

F5 BIG-IP Policy Enforcement Manager (PEM) 12.1.0

12.1.0

F5 Networks BIG-IP Policy Enforcement Manager (PEM) 12.1.3

12.1.3

F5 Big-IP Policy Enforcement Manager (PEM) 13.1.0

13.1.0

F5 BIG-IP Policy Enforcement Manager 14.1.0

14.1.0

F5 Big-IP Access Policy Manager (APM) 11.6.2

11.6.2

F5 Big-IP Access Policy Manager (APM) 11.6.3

11.6.3

F5 BIG-IP Access Policy Manager (APM) 11.6.4

11.6.4

F5 Big-IP Access Policy Manager (APM) 11.6.5

11.6.5

F5 Big-IP Access Policy Manager (APM) 12.1.3

12.1.3

F5 BIG-IP Access Policy Manager (APM) 12.1.4

12.1.4

F5 Big-IP Access Policy Manager (APM) 12.1.5

12.1.5

F5 Big-IP Access Policy Manager (APM) 13.1.1

13.1.1

F5 BIG-IP Access Policy Manager (APM) 13.1.3

13.1.3

F5 Big-IP Access Policy Manager (APM) 14.1.2

14.1.2

F5 BIG-IP Access Policy Manager (APM) 15.1.0

15.1.0

F5 Big-IP Advanced Firewall Manager (AFM) 11.6.2

11.6.2

F5 Big-IP Advanced Firewall Manager (AFM) 11.6.3

11.6.3

F5 BIG-IP Advanced Firewall Manager (AFM) 11.6.4

11.6.4

F5 Big-IP Advanced Firewall Manager (AFM) 11.6.5

11.6.5

F5 Big-IP Advanced Firewall Manager (AFM) 12.1.3

12.1.3

F5 BIG-IP Advanced Firewall Manager 12.1.4

12.1.4

F5 Big-IP Advanced Firewall Manager (AFM) 12.1.5

12.1.5

F5 Big-IP Advanced Firewall Manager (AFM) 13.1.1

13.1.1

F5 Big-IP Advanced Firewall Manager (AFM) 13.1.3

13.1.3

F5 Big-IP Advanced Firewall Manager (AFM) 14.1.2

14.1.2

F5 BIG-IP Analytics 15.1.0

15.1.0

F5 BIG-IP Application Security Manager (ASM) 15.1.0

15.1.0

F5 BIG-IP Domain Name System (DNS) 15.1.0

15.1.0

F5 BIG-IP Fraud Protection Service (FPS) 15.1.0

15.1.0

F5 BIG-IP Global Traffic Manager (GTM) 15.1.0

15.1.0

F5 BIG-IP Link Controller 15.1.0

15.1.0

F5 BIG-IP Policy Enforcement Manager (PEM) 15.1.0

15.1.0

F5 Big-IP Analytics 11.6.2

11.6.2

F5 Big-IP Analytics 11.6.3

11.6.3

F5 BIG-IP Analytics 11.6.4

11.6.4

F5 Big-IP Analytics 11.6.5

11.6.5

F5 Big-IP Analytics 12.1.3

12.1.3

F5 BIG-IP Analytics 12.1.4

12.1.4

F5 Big-IP Analytics 12.1.5

12.1.5

F5 Big-IP Analytics 13.1.1

13.1.1

F5 Big-IP Analytics 13.1.3

13.1.3

F5 Big-IP Analytics 14.1.2

14.1.2

F5 Big-IP Application Acceleration Manager (AAM) 11.6.2

11.6.2

F5 Big-IP Application Acceleration Manager (AAM) 11.6.3

11.6.3

F5 BIG-IP Application Acceleration Manager (AAM) 11.6.4

11.6.4

F5 Big-IP Application Acceleration Manager (AAM) 11.6.5

11.6.5

F5 Big-IP Application Acceleration Manager (AAM) 12.1.3

12.1.3

F5 BIG-IP Application Acceleration Manager 12.1.4

12.1.4

F5 Big-IP Application Acceleration Manager (AAM) 12.1.5

12.1.5

F5 Big-IP Application Acceleration Manager (AAM) 13.1.1

13.1.1

F5 Big-IP Application Acceleration Manager (AAM) 13.1.3

13.1.3

F5 Big-IP Application Acceleration Manager (AAM) 14.1.2

14.1.2

F5 Big-IP Application Security Manager (ASM) 11.6.2

11.6.2

F5 Big-IP Application Security Manager (ASM) 11.6.3

11.6.3

F5 BIG-IP Application Security Manager (ASM) 11.6.4

11.6.4

F5 Big-IP Application Security Manager (ASM) 11.6.5

11.6.5

F5 Big-IP Application Security Manager (ASM) 12.1.3

12.1.3

F5 BIG-IP Application Security Manager 12.1.4

12.1.4

F5 Big-IP Application Security Manager (ASM) 12.1.5

12.1.5

F5 Big-IP Application Security Manager (ASM) 13.1.1

13.1.1

F5 Big-IP Application Security Manager (ASM) 13.1.3

13.1.3

F5 Big-IP Application Security Manager (ASM) 14.1.2

14.1.2

F5 Big-IP Fraud Protection Service (FPS) 13.1.1

13.1.1

F5 Big-IP Fraud Protection Service (FPS) 13.1.3

13.1.3

F5 Big-IP Fraud Protection Service (FPS) 14.1.2

14.1.2

F5 Big-IP Global Traffic Manager (GTM) 11.6.2

11.6.2

F5 Big-IP Global Traffic Manager (GTM) 11.6.3

11.6.3

F5BIG-IP Global Traffic Manager (GTM) 11.6.4

11.6.4

F5 Big-IP Global Traffic Manager (GTM) 11.6.5

11.6.5

F5 Big-IP Global Traffic Manager (GTM) 12.1.3

12.1.3

F5 BIG-IP Global Traffic Manager 12.1.4

12.1.4

F5 Big-IP Global Traffic Manager (GTM) 12.1.5

12.1.5

F5 Big-IP Global Traffic Manager (GTM) 13.1.1

13.1.1

F5 Big-IP Global Traffic Manager (GTM) 13.1.3

13.1.3

F5 Big-IP Global Traffic Manager (GTM) 14.1.2

14.1.2

F5 Big-IP Link Controller 11.6.2

11.6.2

F5 Big-IP Link Controller 11.6.3

11.6.3

F5 BIG-IP Link Controller 11.6.4

11.6.4

F5 Big-IP Link Controller 11.6.5

11.6.5

F5 Big-IP Link Controller 12.1.3

12.1.3

F5 BIG-IP Link Controller 12.1.4

12.1.4

F5 Big-IP Link Controller 12.1.5

12.1.5

F5 Big-IP Link Controller 13.1.1

13.1.1

F5 Big-IP Link Controller 13.1.3

13.1.3

F5 Big-IP Link Controller 14.1.2

14.1.2

F5 Big-IP Local Traffic Manager (LTM) 11.6.2

11.6.2

F5 Big-IP Local Traffic Manager (LTM) 11.6.3

11.6.3

F5 BIG-IP Local Traffic Manager (LTM) 11.6.4

11.6.4

F5 Big-IP Local Traffic Manager (LTM) 11.6.5

11.6.5

F5 Big-IP Local Traffic Manager (LTM) 12.1.3

12.1.3

F5 BIG-IP Local Traffic Manager 12.1.4

12.1.4

F5 Big-IP Local Traffic Manager (LTM) 12.1.5

12.1.5

F5 Big-IP Local Traffic Manager (LTM) 13.1.1

13.1.1

F5 BIG-IP Local Traffic Manager (LTM) 13.1.3

13.1.3

F5 BIG-IP Local Traffic Manager (LTM) 14.1.2

14.1.2

F5 Big-IP Policy Enforcement Manager (PEM) 11.6.3

11.6.3

F5 BIG-IP Policy Enforcement Manager (PEM) 11.6.4

11.6.4

F5 Big-IP Policy Enforcement Manager (PEM) 11.6.5

11.6.5

F5 BIG-IP Policy Enforcement Manager 12.1.4

12.1.4

F5 Big-IP Policy Enforcement Manager (PEM) 12.1.5

12.1.5

F5 Big-IP Policy Enforcement Manager (PEM) 13.1.1

13.1.1

F5 Big-IP Policy Enforcement Manager (PEM) 13.1.3

13.1.3

F5 Big-IP Policy Enforcement Manager (PEM) 14.1.2

14.1.2

F5 Big-IP Domain Name System (DNS) 11.6.2

11.6.2

F5 Big-IP Domain Name System (DNS) 11.6.3

11.6.3

F5 BIG-IP Domain Name System (DNS) 11.6.4

11.6.4

F5 Big-IP Domain Name System (DNS) 11.6.5

11.6.5

F5 Big-IP Domain Name System (DNS) 12.1.3

12.1.3

F5 BIG-IP Domain Name System 12.1.4

12.1.4

F5 Big-IP Domain Name System (DNS) 12.1.5

12.1.5

F5 Big-IP Domain Name System (DNS) 13.1.1

13.1.1

F5 Big-IP Domain Name System (DNS) 13.1.3

13.1.3

F5 Big-IP Domain Name System (DNS) 14.1.2

14.1.2

F5 Big-IP Fraud Protection Service (FPS) 11.6.2

11.6.2

F5 Big-IP Fraud Protection Service (FPS) 11.6.3

11.6.3

F5 BIG-IP Fraud Protection Service (FPS) 11.6.4

11.6.4

F5 Big-IP Fraud Protection Service (FPS) 11.6.5

11.6.5

F5 Big-IP Fraud Protection Service (FPS) 12.1.1

12.1.1

F5 Big-IP Fraud Protection Service (FPS) 12.1.2

12.1.2

F5 Big-IP Fraud Protection Service (FPS) 12.1.3

12.1.3

F5 BIG-IP Fraud Protection Service (FPS) 12.1.4

12.1.4

F5 Big-IP Fraud Protection Service (FPS) 12.1.5

12.1.5

References

https://support.f5.com/csp/article/K38271531

https://support.f5.com/csp/article/K38271531

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.