F5 FirePass command execution vulnerability
F5’s FirePass SSL VPN appliance provides secure access to corporate applications and data using a standard web browser.
Delivering outstanding performance, scalability, ease-of-use, and end-point security, FirePass helps increase the productivity of those working from home or on the road while keeping corporate data secure.
S21sec has discovered a vulnerability in a F5 FirePass SSL VPN script that allows the injection of Linux’s shell commands under some circunstances.
The attacker doesn`t need to be logged in the system in order to trigger the exploit.
F5 has published a security advisory at
Additionally, hotfix HF-75705-76003-1 has been issued for supported versions of FirePass.
You may download this hotfix or later versions of the hotfix from the F5 Networks Downloads site (https://downloads.f5.com/esd/index.jsp).
This vulnerability has been discovered and researched by:
- Leonardo Nve
S21Sec Alberto Moro S21Sec
You can access the latest version of this advisory at