F5 FirePass command execution vulnerability

F5’s FirePass SSL VPN appliance provides secure access to corporate applications and data using a standard web browser.

Delivering outstanding performance, scalability, ease-of-use, and end-point security, FirePass helps increase the productivity of those working from home or on the road while keeping corporate data secure.

S21sec has discovered a vulnerability in an F5 FirePass SSL VPN script that allows the injection of Linux shell commands under some circumstances.

The attacker doesn't need to be logged into the system in order to trigger the exploit.

F5 has published a security advisory at

Additionally, hotfix HF-75705-76003-1 has been issued for supported versions of FirePass.

You may download this hotfix or later versions of the hotfix from the F5 Networks Downloads site (

This vulnerability has been discovered and researched by:

  • Leonardo Nve S21Sec

With thanks to:

  • Alberto Moro S21Sec

You can access the latest version of this advisory at
