VYPR
Unrated severity · NVD Advisory · Published Nov 8, 1999 · Updated Apr 16, 2026

CVE-1999-1550

Description

F5 BIG/ip 2.1.2 and earlier allow remote attackers to read arbitrary files via the bigconf.cgi program's file parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In F5 BIG/ip 2.1.2 and earlier, the bigconf.cgi CGI program, installed setuid root, allows remote attackers to read arbitrary files on the system by supplying the target file path in the file parameter. The vulnerability exists in versions prior to 2.1.2, as described in the initial report [1][3].

Exploitation

An attacker must first authenticate to the web interface, which is password-protected. Once authenticated, the attacker can request bigconf.cgi with a file parameter pointing to any file on the system, such as /etc/passwd. The program, running with root privileges, will read and return the file contents. The attacker must be an internal user or have valid credentials, as the web server restricts access [1][3].

Impact

A successful attacker can read any file on the BIG/ip system, including sensitive configuration files, password hashes, and other data. This leads to complete information disclosure, potentially compromising the entire system's security and allowing further privilege escalation or lateral movement [1][2][3].

Mitigation

F5 released version 2.1.2 of BIG/ip to address this issue. The update, available for free to customers with support contracts, removes the shell escape capability and implements multiple user levels in the web interface, preventing unrestricted file reads [1]. Systems still running earlier versions remain vulnerable. No other workarounds were specified in the public references [1][2][3].
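For systems that ran an affected release, web server access logs can be reviewed for use of the file parameter. The following is an added example, not code from the advisory or from F5: it assumes Common Log Format logs and that the parameter appears in the query string; the sample log lines, addresses and the /cgi-bin/ prefix are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Common Log Format. Addresses, users, timestamps
# and the /cgi-bin/ prefix are illustrative assumptions, not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - admin [08/Nov/1999:10:01:02 +0000] "GET /cgi-bin/bigconf.cgi HTTP/1.0" 200 512
10.0.0.9 - admin [08/Nov/1999:10:02:10 +0000] "GET /cgi-bin/bigconf.cgi?file=/etc/passwd HTTP/1.0" 200 1843
10.0.0.9 - admin [08/Nov/1999:10:02:31 +0000] "GET /cgi-bin/bigconf.cgi?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1843
10.0.0.7 - - [08/Nov/1999:10:03:00 +0000] "GET /cgi-bin/bigconf.cgi?file=%252fetc%252fpasswd HTTP/1.0" 401 0
10.0.0.7 - - [08/Nov/1999:10:03:05 +0000] "GET /index.html?file=/etc/passwd HTTP/1.0" 200 90
"""

# client, ident (ignored), user, [time], "METHOD target ...", status
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252f) so the real path is visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_file_reads(log_text):
    """Return every bigconf.cgi request that carried a file parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, user, when, _method, target, status = m.groups()
        url = urlsplit(target)
        # Match the script by name, whatever directory it is served from.
        if url.path.rsplit("/", 1)[-1].lower() != "bigconf.cgi":
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("file", []):
            hits.append({
                "client": client, "user": user, "time": when,
                "file": decode_fully(raw),
                "served": status == "200",  # 200 suggests contents were returned
            })
    return hits

if __name__ == "__main__":
    for hit in find_file_reads(SAMPLE_LOG):
        print(hit)
```

Requests sent with POST do not show the parameter in an access log, so an empty result does not rule out use of the file parameter.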

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
