Vulnerability Description
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Firepass | 6.0 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74813
- https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticatedExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74813
- https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticatedExploit
FAQ
What is CVE-2012-2053?
CVE-2012-2053 is a vulnerability with a CVSS score of 7.2 (HIGH). The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges ...
How severe is CVE-2012-2053?
CVE-2012-2053 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2053?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Firepass.