Local Privilege Escalation in F5 FirePass Products
CVE-2012-2053

Currently unrated

Key Information:

Vendor
F5
Status
Vendor
CVE Published:
5 April 2012

Summary

The sudoers file in F5 FirePass versions 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root. This lack of authentication can be exploited by local users, allowing them to elevate their privileges using the sudo program. Specifically, the vulnerability can be demonstrated through user accounts that execute PHP scripts, creating a security risk that needs to be addressed to mitigate unauthorized access.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.