Info: F5 remote-users cannot inject commands with Workflows

Applies To:

All versions of TPP

F5 LTM Advanced

 

Summary:

The F5 user that runs command injection in a workflow must have their "Terminal Access" set to "Advanced Shell" (bash) in the F5 config.

A remote-user in F5 (AD, LDAP, etc.) cannot be assigned the "Advanced Shell" (bash) for Terminal Access. See the following F5 article for more details:

https://my.f5.com/manage/s/article/K28660000

When a remote-user signs in to the F5 over SSH, the user enters the "Traffic Management Shell" (tmsh) by default. Because the session is not in bash, command injection fails.

 

Information:

The F5 application object will stall/hang at the stage where the workflow with command injection is applied.

No logs are found in the Default SQL Channel indicating the command has failed.

The "Application Credential" on the F5 object controls which user will run the commands in a workflow.

Venafi Solution:

Use a local account in F5 to inject commands with Workflows in TPP.
Use Adaptable Workflow
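
Added example (not Venafi or F5 code): a check that the local account used as the Application Credential has Advanced Shell (bash) before a workflow depends on it. It parses saved output of `tmsh list auth user`; the sample text and account names are constructed, and the block layout is assumed from typical tmsh listings.

```python
import re

# Constructed sample in the layout assumed for `tmsh list auth user`;
# the account names are made up for this example.
SAMPLE = '''\
auth user admin {
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user venafi-svc {
    description "TPP application credential"
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell tmsh
}
'''

def parse_shells(text):
    """Return {username: shell or None} for each local `auth user` block."""
    shells, user, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'auth user (\S+) \{$', line)
        if depth == 0 and m:
            user, depth = m.group(1), 1
            shells[user] = None          # no shell line seen yet
        elif line.endswith("{"):
            depth += 1                   # nested block, e.g. partition-access
        elif line == "}":
            depth -= 1
            if depth == 0:
                user = None
        elif depth == 1 and user and line.startswith("shell "):
            shells[user] = line.split()[1]   # only the account's own property
    return shells

def can_run_workflow_commands(text, username):
    """True only if the account is local and its shell is bash."""
    return parse_shells(text).get(username) == "bash"
```

A remote-user never appears in the local user listing, so the check returns False for it, which matches the stall described above.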

 

F5 Workaround:

The F5 Remote user can be mapped to a local user for commands. The exact steps may vary, but here is an example article from F5 showing how it can be done:

https://my.f5.com/manage/s/article/K89001433

 

 
