CVE-2012-2053

Description

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.

Affected products

• F5 / firepass6.0 – 6.0
• F5 / firepass6.1.0 – 6.1.0
• F5 / firepass7.0.0 – 7.0.0

References

• MISChttps://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/74813