SQL Injection Flaw in F5 FirePass VPN Software
CVE-2012-1777

Currently unrated

Key Information:

Vendor: F5
Status: Firepass
Vendor: CVE Published:; 5 April 2012

Summary

A SQL injection vulnerability exists in the my.activation.php3 file of the F5 FirePass VPN, affecting versions 6.0.0 to 7.0.0. This flaw allows remote attackers to manipulate SQL queries by sending specially crafted requests. Exploiting this vulnerability could enable attackers to execute arbitrary SQL commands within the database, potentially leading to unauthorized access or data compromise. It is essential for F5 FirePass users to apply the latest patches and follow best security practices to mitigate the risks associated with this SQL injection issue.

References

http://secunia.com/advisories/48455

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/74450

vdb-entryx_refsource_XF

https://exchange.xforce.ibmcloud.com/vulnerabilities/74198

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Apr 5, 2012
Vulnerability Reserved
Mar 19, 2012