K13605: FirePass sudo vulnerability - CVE-2012-2053

Security Advisory Description Description F5 has identified a possible sudo vulnerability for FirePass. FirePass does not require a password to execute sudo commands with elevated permissions. FirePass is designed to function as a closed-box appliance with no user-level access to the underlying...

SOL13605 - FirePass sudo vulnerability - CVE-2012-2053

Recommended action F5 recommends that you upgrade to the latest FirePass hotfix to ensure that you have the latest security updates. Supplemental Information CERT advisory regarding CVE-2012-2053 SOL167: Downloading software and firmware from F5 SOL10322: FirePass hotfix matrix SOL3430: Installin...

CVE-2012-2053

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different...

CVE-2012-2053

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different...

CVE-2012-2053

Summary: CVE-2012-2053 affects F5 FirePass 6.0.0–6.1.0 and 7.0.0, where the sudoers configuration allows passwordless sudo for root, enabling local privilege escalation if an attacker gains OS access (e.g., via a PHP-executing user). The issue is a separate vulnerability from CVE-2012-1777. Root ...