Arbitrary Command Execution in F5 FirePass SSL VPN
CVE-2007-3097

Currently unrated

Key Information:

Vendor: F5
Status: Firepass 4100
Vendor: CVE Published:; 6 June 2007

Summary

The vulnerability allows remote attackers to execute arbitrary shell commands by injecting shell metacharacters through the 'username' parameter in the my.activation.php3 script of F5 FirePass 4100 SSL VPN. This exposure can lead to unauthorized system control, making it critical for users to implement proper security measures and patches.

References

http://www.securitytracker.com/id?1018190

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/25563

third-party-advisoryx_refsource_SECUNIA

http://www.s21sec.com/avisos/s21sec-035-en.txt

x_refsource_MISC

Timeline

Vulnerability published
Jun 6, 2007
Vulnerability Reserved
Jun 6, 2007