Description
F5 has identified a possible sudo vulnerability for FirePass. FirePass does not require a password to execute sudo commands with elevated permissions. FirePass is designed to function as a closed-box appliance with no user-level access to the underlying operating system. A successful attack would require an attacker to gain access to the operating system prior to executing any command with elevated privileges.
Impact
An attacker may be able to exploit the vulnerability and execute system-level commands if access is first gained to the underlying operating system.
Status
F5 Product Development has assigned ID 383963 to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
---|---|---|---|
BIG-IP LTM | None | 9.x, 10.x, 11.x | None |
BIG-IP GTM | None | 9.x, 10.x, 11.x | None |
BIG-IP ASM | None | 9.x, 10.x, 11.x | None |
BIG-IP Link Controller | None | 9.x, 10.x, 11.x | None |
BIG-IP WebAccelerator | None | 9.x, 10.x, 11.x | None |
BIG-IP PSM | None | 9.x, 10.x, 11.x | None |
BIG-IP WOM | None | 10.x, 11.x | None |
BIG-IP APM | None | 10.x, 11.x | None |
BIG-IP Edge Gateway | None | 10.x, 11.x | None |
BIG-IP Analytics | None | 11.x | None |
BIG-IP AFM | None | 11.x | None |
BIG-IP PEM | None | 11.x | None |
BIG-IP AAM | None | 11.x | None |
FirePass | 6.0.0 - 6.1.0, 7.0.0 | None | All |
Enterprise Manager | None | 1.x, 2.x, 3.x | None |
ARX | None | 5.x, 6.x | None |
Recommended action
F5 recommends that you upgrade to the latest FirePass hotfix to ensure that you have the latest security updates.
Supplemental Information
Acknowledgments
F5 would like to acknowledge SEC Consult for their efforts in identifying this issue.