Skip to main content

Firepass

5 CVEs product

Monthly

CVE-2014-2927 CRITICAL POC Act Now

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Arx Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +15
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
7.4%
CVE-2013-6024 MEDIUM This Month

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Edge Gateway Firepass
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-0150 CRITICAL Act Now

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Path Traversal Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 2.0
9.3
EPSS
1.1%
CVE-2012-2053 HIGH POC This Week

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Firepass
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-1777 HIGH POC This Week

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Firepass
NVD
CVSS 2.0
7.5
EPSS
1.2%
EPSS 7% CVSS 9.3
CRITICAL POC Act Now

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Arx Big Ip Access Policy Manager +17
NVD Exploit-DB
EPSS 0% CVSS 4.4
MEDIUM This Month

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Edge Gateway +1
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Path Traversal Big Ip Access Policy Manager +12
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Firepass
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Firepass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy