sol14046: FirePass input validation vulnerability
Security Advisory

Original Publication Date: 11/29/2012
Updated Date: 11/29/2012

Description

F5 FirePass SSL VPN contains an input validation vulnerability that may allow a remote attacker to compromise the FirePass controller.

Impact

An attacker may be able to exploit the vulnerability and retrieve arbitrary files, perform Denial of Service attacks, or execute system level commands if access is gained to the underlying operating system.

Status

F5 Product Development has assigned ID 388207 to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature
BIG-IP LTM | None | 9.x, 10.x, 11.x | None
BIG-IP GTM | None | 9.x, 10.x, 11.x | None
BIG-IP ASM | None | 9.x, 10.x, 11.x | None
BIG-IP Link Controller | None | 9.x, 10.x, 11.x | None
BIG-IP WebAccelerator | None | 9.x, 10.x, 11.x | None
BIG-IP PSM | None | 9.x, 10.x, 11.x | None
BIG-IP WOM | None | 10.x, 11.x | None
BIG-IP APM | None | 10.x, 11.x | None
BIG-IP Edge Gateway | None | 10.x, 11.x | None
BIG-IP Analytics | None | 11.x | None
FirePass 7.0.0
6.1.0
7.0.0 HF-70-7
Authentication web page
Enterprise Manager | None | 1.x, 2.x | None
ARX | None | 4.x, 5.x, 6.x | None

Recommended action

To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table.

F5 strongly recommends that you install HF-70-7 for FirePass 7.0.0 to address this vulnerability.

Supplemental Information

Acknowledgements

F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the highest standards of responsible disclosure.
