SOL14154 - SQL injection vulnerability from an authenticated source CVE-2012-3000

AskF5 Knowledge Base

Applies To:

Show Versions

BIG-IP LTM

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 9.4.8, 9.4.7, 9.4.6

BIG-IP AFM

11.3.0

BIG-IP Analytics

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0

BIG-IP APM

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0

BIG-IP ASM

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 9.4.8, 9.4.7, 9.4.6

BIG-IP Edge Gateway

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0

BIG-IP GTM

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 9.4.8, 9.4.7, 9.4.6

BIG-IP Link Controller

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 9.4.8, 9.4.7, 9.4.6

BIG-IP PEM

11.3.0

BIG-IP PSM

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 9.4.8, 9.4.7, 9.4.6

BIG-IP WebAccelerator

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 9.4.8, 9.4.7, 9.4.6

BIG-IP WOM

11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1

ARX

6.3.0, 6.2.0, 6.1.1, 6.1.0, 6.0.0, 5.3.1, 5.2.2, 5.2.0, 5.1.9, 5.1.7, 5.1.5, 5.1.0, 5.0.7, 5.0.6, 5.0.5, 5.0.1, 5.0.0, 4.1.3, 4.1.1, 4.1.0, 4.0.1, 3.2.3, 3.2.2, 3.2.1, 2.7.1, 2.7.0

Data Manager

3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.6.1, 2.6.0, 2.5.1, 2.5.0, 2.0.2, 2.0.1

Enterprise Manager

3.1.0, 3.0.0, 2.3.0, 2.2.0, 2.1.0, 2.0.0, 1.8.0, 1.7.0, 1.6.0, 1.4.1, 1.4.0, 1.2.2, 1.2.1, 1.2.0, 1.0.0

FirePass

7.0.0, 6.1.0

sol14154: SQL injection vulnerability from an authenticated source CVE-2012-3000

Security Advisory

Original Publication Date: 01/23/2013
Updated Date: 05/08/2013

Description

An SQL injection vulnerability exists in a BIG-IP component. This local vulnerability may allow an authenticated attacker to download arbitrary files from the file system.

Impact

An attacker may be able to exploit the vulnerability and retrieve arbitrary files or modify database contents.

F5 Product Development has assigned ID 400060 to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product	Versions known to be vulnerable	Versions known to be not vulnerable	Vulnerable component or feature
BIG-IP LTM	11.0.0 - 11.2.1	9.4.6 - 9.4.8 10.0.1 - 10.2.4 11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP GTM	11.0.0 - 11.2.1	9.4.6 - 9.4.8 10.0.1 - 10.2.4 11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP ASM	11.0.0 - 11.2.1	9.4.6 - 9.4.8 10.0.1 - 10.2.4 11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP Link Controller	11.0.0 - 11.2.1	9.4.6 - 9.4.8 10.0.1 - 10.2.4 11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP WebAccelerator	11.0.0 - 11.2.1	9.4.6 - 9.4.8 10.0.1 - 10.2.4 11.0.0 - 11.3.0	AVR WebGUI
BIG-IP PSM	11.0.0 - 11.2.1	9.4.6 - 9.4.8 10.0.1 - 10.2.4 11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP WOM	11.0.0 - 11.2.1	10.0.1 - 10.2.4 11.3.0	AVR WebGUI
BIG-IP APM	11.0.0 - 11.2.1	10.0.1 - 10.2.4 11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP Edge Gateway	11.0.0 - 11.2.1	10.0.1 - 10.2.4 11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP Analytics	11.0.0 - 11.2.1	11.2.0 HF3 11.2.1 HF3 11.3.0	APM WebGUI
BIG-IP AFM	None	11.3.0	None
BIG-IP PEM	None	11.3.0	None
FirePass	None	6.1.0 7.0.0	None
Enterprise Manager	None	1.x 2.x 3.x	None
ARX	None	4.x 5.x 6.x	None

Recommended action

To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column.

Supplemental Information

SEC Consult Vulnerability Lab Security Advisory 20121203-0

This link will take you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5

Acknowledgements

F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the highest standards of responsible disclosure.

Was this resource helpful in solving your issue?

Yes - this resource was helpful
No - this resource was not helpful
I don‘t know yet

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)

Reload Audio Image Help