Local Privilege Escalation in F5 FirePass Products
CVE-2012-2053

Currently unrated

Key Information:

Vendor: F5
Status: Firepass
Vendor: CVE Published:; 5 April 2012

Summary

The sudoers file in F5 FirePass versions 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root. This lack of authentication can be exploited by local users, allowing them to elevate their privileges using the sudo program. Specifically, the vulnerability can be demonstrated through user accounts that execute PHP scripts, creating a security risk that needs to be addressed to mitigate unauthorized access.

References

https://www.sec-consult.com/files/20120328-0_F5_FirePass_...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/74813

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Apr 5, 2012
Vulnerability Reserved
Apr 3, 2012