Skip to main content

F5 FirePass SSL VPN Remote Code Execution Vulnerability

Last Update Date: 5 Dec 2012 10:26 Release Date: 5 Dec 2012 4711 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities have been identified in F5 FirePass, which can be exploited by malicious user to include and execute PHP code on the target system.

 

The 'CitrixAuth.php' script does not properly validate user-supplied input in the 'sessionId' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute files located on the target system.  A remote user can also exploit this flaw to view or delete files located on the target system.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • F5 FirePass 7.0.0 HF-70-6 and prior versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link