F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability

TITLE: F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 04 2007 12:00AM
CREDIT: Leonardo Nve is credited with the discovery of this issue.
VULNERABLE:

F5 FirePass 4100 0
NOT VULNERABLE:

Go to the original page on Security Focus

Discussion

F5 FirePass 4100 SSL VPN is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands on the affected device. Successful attacks will compromise the device.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at vuldb@securityfocus.com.

Solution

The vendor has released a hotfix to address this issue. Please see the references section for further information.

References
