F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
BID:24306
Info
F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
| Bugtraq ID: | 24306 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3097 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Leonardo Nve is credited with the discovery of this issue. |
| Vulnerable: |
F5 FirePass 4100 0 |
| Not Vulnerable: | |
Discussion
F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
F5 Firepass 4100 SSL VPN is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Attackers can exploit this issue to execute arbitrary commands on the affected device. Successful attacks will compromise the device.
F5 Firepass 4100 SSL VPN is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Attackers can exploit this issue to execute arbitrary commands on the affected device. Successful attacks will compromise the device.
Exploit / POC
F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
Solution:
The vendor has released a hotfix to address this issue. Please see the references for more information.
Solution:
The vendor has released a hotfix to address this issue. Please see the references for more information.
References
F5 FirePass 4100 SSL VPN My.Activiation.PHP3 Remote Command Injection Vulnerability
References:
References:
- F5 Networks Downloads site (F5)
- Homepage (F5 Software)
- F5 FirePass command execution vulnerability (S21sec Labs)