
F5 FirePass command execution vulnerability

F5's FirePass SSL VPN appliance provides secure access to corporate applications and data using a standard web browser.

Delivering outstanding performance, scalability, ease-of-use, and end-point security, FirePass helps increase the productivity of those working from home or on the road while keeping corporate data secure.

S21sec has discovered a vulnerability in an F5 FirePass SSL VPN script that allows the injection of Linux shell commands under some circumstances.

The attacker doesn't need to be logged in to the system in order to trigger the exploit.

F5 has published a security advisory at

Additionally, hotfix HF-75705-76003-1 has been issued for supported versions of FirePass.

You may download this hotfix or later versions of the hotfix from the F5 Networks Downloads site (

This vulnerability has been discovered and researched by:
  • Leonardo Nve S21Sec
With thanks to:
  • Alberto Moro S21Sec

You can access the latest version of this advisory at

1 comment:

Anonymous said...

The F5 report on this issue is actually here --->



© Copyright S21sec 2013 - All rights reserved