ProCheckUp has informed F5 Networks of a potential cross-site scripting (XSS) vulnerability in some versions of the FirePass controller. The vulnerability exists in the login sequence of the FirePass controller. The affected FirePass pages fail to fully sanitize URL input before the web page content is sent to the browser.
It is possible for an attacker to create web pages or emails containing a hyperlink to the vulnerable FirePass pages, where the URL includes executable code or other malicious data. If you follow the hyperlink to log in to the FirePass controller, the affected web pages will be returned to your browser with the malicious content. This could result in malicious code execution on the client side, disclosure of sensitive information, or other exploits.
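The difference between partially sanitizing URL input and encoding it on output, as an added example that is not F5 or ProCheckUp code. The login template, the `msg` and `return_to` parameter names, and the sample URL are assumptions constructed for illustration; they are not FirePass identifiers.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical login template (assumption, not FirePass markup).
TEMPLATE = (
    '<form method="post" action="/login">\n'
    '  <p class="notice">{msg}</p>\n'
    '  <input type="hidden" name="return_to" value="{return_to}">\n'
    '</form>'
)

# Constructed sample: return_to decodes to  "><b>injected</b>
SAMPLE_URL = ("https://vpn.example.test/login?msg=Session+expired"
              "&return_to=%22%3E%3Cb%3Einjected%3C%2Fb%3E")

def _params(url):
    """Pull the two reflected parameters out of the request URL."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return q.get("msg", [""])[0], q.get("return_to", [""])[0]

def partial_sanitize(value):
    """Incomplete filter: strips <script> elements and nothing else."""
    return re.sub(r"(?is)<script.*?>.*?</script>", "", value)

def render_login_partial(url):
    """'Before' form: URL input is filtered but not encoded."""
    msg, return_to = _params(url)
    return TEMPLATE.format(msg=partial_sanitize(msg),
                           return_to=partial_sanitize(return_to))

def render_login_encoded(url):
    """Hardened form: every reflected value is HTML-encoded on output."""
    msg, return_to = _params(url)
    return TEMPLATE.format(msg=html.escape(msg, quote=True),
                           return_to=html.escape(return_to, quote=True))

def injected_markup(page):
    """List element names in the page that the template does not define."""
    tags = re.findall(r"<\s*([a-zA-Z][a-zA-Z0-9]*)", page)
    return sorted({t.lower() for t in tags} - {"form", "p", "input"})

if __name__ == "__main__":
    print("partial:", injected_markup(render_login_partial(SAMPLE_URL)))
    print("encoded:", injected_markup(render_login_encoded(SAMPLE_URL)))
```

The partial filter leaves the quote and angle brackets intact, so the value closes the attribute and adds an element of its own; the encoded version keeps the same bytes as inert text inside the attribute.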
For more information about this security advisory, refer to the ProCheckUp Security Bulletin vulnerabilities page at the following website:
F5 Networks Product Development tracked this issue as CR64237 and it was fixed in FirePass maintenance release 5.5.2 and feature release 6.0. For information about upgrading, refer to the FirePass Release Notes.