Cross-site scripting (XSS) vulnerabilities exist in the FirePass logon page, which is accessible prior to authentication. The affected FirePass page fails to fully sanitize HTTP request input before the web page content is sent to the browser. By altering the HTTP request input in the cookie, a remote attacker can potentially compromise the security of the FirePass controller.
It is possible for a remote attacker to create web pages, emails, or other media containing hyperlinks to the vulnerable FirePass web page. These hyperlinks may include executable code or other malicious data. Following one of these hyperlinks to the FirePass controller could result in malicious code execution on the client side, disclosure of sensitive information, or other exploits.
F5 Product Development tracked this issue as CR116015, CR119540, and ID 35312, and it was fixed in FirePass 6.1.0. For information about upgrading, refer to the FirePass release notes.
Additionally, this issue was fixed in cumulative hotfix HF-603-2.1, issued for version 6.0.3, and HF-602-10, issued for version 6.0.2. You may download these hotfixes or later versions of the cumulative hotfixes from the F5 Downloads site.
To view a list of the latest available hotfixes, refer to SOL10322: FirePass hotfix matrix.
For information about downloading software, refer to SOL167: Downloading software from F5.
For instructions about installing a hotfix, refer to SOL3430: Installing FirePass hotfixes.
Acknowledgments
F5 would like to acknowledge Sjoerd Resink of Fox-IT for his efforts in identifying this issue.