A cross-site scripting (XSS) vulnerability exists in the FirePass installControl.php3 page, which is accessible prior to authentication. The installControl.php3 page does not fully sanitize input taken from the request URL before that input is echoed into the web page content sent to the browser.
It is possible for an attacker to create web pages, emails, or other media containing specially crafted hyperlinks to the installControl.php3 page, which may include executable code or other malicious data. If you follow such a hyperlink to the FirePass controller, the affected web page is returned to your browser with the malicious content reflected in it. This issue could result in code execution on the client side, leading to the disclosure of sensitive information or other exploits.
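As an added illustration that is not part of the advisory or of F5's code, the following Python shows the two sides of this bug class from a defender's view: a response fragment that HTML-encodes a URL parameter at the output point (the mitigation for the unsanitized reflection described above), and a check over web-server access logs that flags pre-authentication requests to installControl.php3 whose query values carry HTML metacharacters. The parameter name `step`, the Apache-style log format, and the log lines themselves are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (Apache common log style). Only the
# installControl.php3 path comes from the advisory; addresses, timestamps
# and the "step" parameter are made up for this example.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /installControl.php3?step=2 HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /installControl.php3?step=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530
192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "GET /?lang=en HTTP/1.1" 200 300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Characters that let reflected input break out of an HTML text or attribute context.
HTML_META = re.compile(r'[<>"\']')


def render_step_page(step: str) -> str:
    """Build the fragment that echoes the (hypothetical) `step` parameter back.

    Encoding at the output point is the fix for the class of bug in the
    advisory: the browser sees literal text, not markup.
    """
    return f"<p>Installation step: {html.escape(step, quote=True)}</p>"


def suspicious_requests(log_text: str, path: str = "/installControl.php3") -> list:
    """Return (client_ip, param, decoded_value) for requests to `path` whose
    query string carries HTML metacharacters after percent-decoding."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        parts = urlsplit(m["target"])
        if parts.path != path:
            continue
        # parse_qsl percent-decodes, so %3C is inspected as '<'
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if HTML_META.search(key) or HTML_META.search(value):
                hits.append((m["ip"], key, value))
                break
    return hits


if __name__ == "__main__":
    for ip, key, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}: reflected-input candidate in {key}={value!r}")
    print(render_step_page("<b>x</b>"))
```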
F5 Product Development tracked this issue as CR94763 and it was fixed in FirePass version 6.0.3. For information about upgrading, refer to the FirePass release notes.
This issue still exists in the FirePass version 5.x branch.
Obtaining and installing patches
You can download patches from the F5 Downloads site for the following products and versions:
Important: On the F5 Downloads site, only the most recent Cumulative Hotfix for each version of FirePass software is available. If a Cumulative Hotfix listed in the table below is no longer available, installing the most recent Cumulative Hotfix will resolve the issue described in this Security Advisory.
Product | Version | Hotfix | Installation File
--- | --- | --- | ---
FirePass | 6.0.2 | HF-602-3 | HF-602-3-6.02-ALL-0.tar.gz.enc
FirePass | 6.0.1 | HF-601-11 | HF-601-11-6.01-ALL-0.tar.gz.enc
FirePass | 5.5.2 | HF-552-12 | HF-552-12-5.52-ALL-0.tar.gz.enc
FirePass | 5.5.1 | Hotfix-60073-94763 | HF-60073-94763-1-5.51-ALL-0.tar.gz.enc
Note: For more information about installing the hotfixes listed above, refer to the README file on the F5 Downloads site for your version-specific hotfix.
For information about downloading software, refer to SOL167: Downloading software from F5 Networks.
F5 would like to acknowledge Jesse Michael for his efforts in identifying this issue.