cvelistv5 - cve-2012-1777

CVE-2012-1777 (GCVE-0-2012-1777)

Vulnerability from cvelistv5 – Published: 2012-04-04 10:00 – Updated: 2024-08-06 19:08

Summary

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/48455	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://seclists.org/fulldisclosure/2012/Mar/324	mailing-listx_refsource_FULLDISC
	http://support.f5.com/kb/en-us/solutions/public/1…	x_refsource_CONFIRM
	https://www.sec-consult.com/files/20120328-0_F5_F…	x_refsource_MISC
	http://www.securitytracker.com/id?1026834	vdb-entryx_refsource_SECTRACK
	http://packetstormsecurity.org/files/111276/F5-Fi…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:08:38.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48455",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48455"
          },
          {
            "name": "firepass-state-sql-injection(74450)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
          },
          {
            "name": "firepass-unspecified-sql-injection(74198)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
          },
          {
            "name": "20120328 SEC Consult SA-20120328-0 :: F5 FirePass SSL VPN unauthenticated remote root through SQL injection - CVE-2012-1777",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
          },
          {
            "name": "1026834",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026834"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-05T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "48455",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48455"
        },
        {
          "name": "firepass-state-sql-injection(74450)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
        },
        {
          "name": "firepass-unspecified-sql-injection(74198)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
        },
        {
          "name": "20120328 SEC Consult SA-20120328-0 :: F5 FirePass SSL VPN unauthenticated remote root through SQL injection - CVE-2012-1777",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
        },
        {
          "name": "1026834",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026834"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48455",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48455"
            },
            {
              "name": "firepass-state-sql-injection(74450)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
            },
            {
              "name": "firepass-unspecified-sql-injection(74198)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
            },
            {
              "name": "20120328 SEC Consult SA-20120328-0 :: F5 FirePass SSL VPN unauthenticated remote root through SQL injection - CVE-2012-1777",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
            },
            {
              "name": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
            },
            {
              "name": "1026834",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026834"
            },
            {
              "name": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1777",
    "datePublished": "2012-04-04T10:00:00",
    "dateReserved": "2012-03-19T00:00:00",
    "dateUpdated": "2024-08-06T19:08:38.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BDC49A3-D95D-4DDA-AAFD-4C58C7BA5042\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2231DE5F-0870-4810-BEC5-514F6076786B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E7DCCC2-5EA9-4698-8842-B953447617B1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de inyecci\\u00f3n SQL en my.activation.php3 en F5 FirePass v6.0.0 a 6.1.0 y v7.0.0 permite a atacantes remotos ejecutar comandos SQL a trav\\u00e9s del par\\u00e1metro state.\"}]",
      "id": "CVE-2012-1777",
      "lastModified": "2024-11-21T01:37:45.563",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-04-05T14:55:05.327",
      "references": "[{\"url\": \"http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2012/Mar/324\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/48455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1026834\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74198\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74450\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2012/Mar/324\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/48455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1026834\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74450\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-1777\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-04-05T14:55:05.327\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n SQL en my.activation.php3 en F5 FirePass v6.0.0 a 6.1.0 y v7.0.0 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro state.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BDC49A3-D95D-4DDA-AAFD-4C58C7BA5042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2231DE5F-0870-4810-BEC5-514F6076786B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E7DCCC2-5EA9-4698-8842-B953447617B1\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2012/Mar/324\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/48455\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1026834\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74198\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74450\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2012/Mar/324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/48455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1026834\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

FKIE_CVE-2012-1777

Vulnerability from fkie_nvd - Published: 2012-04-05 14:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html
cve@mitre.org	http://seclists.org/fulldisclosure/2012/Mar/324
cve@mitre.org	http://secunia.com/advisories/48455
cve@mitre.org	http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id?1026834
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/74198
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/74450
cve@mitre.org	https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2012/Mar/324
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48455
af854a3a-2127-422b-91ae-364da2661108	http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026834
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74198
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74450
af854a3a-2127-422b-91ae-364da2661108	https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt	Exploit

Impacted products

Vendor	Product	Version
f5	firepass	6.0
f5	firepass	6.1.0
f5	firepass	7.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDC49A3-D95D-4DDA-AAFD-4C58C7BA5042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2231DE5F-0870-4810-BEC5-514F6076786B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E7DCCC2-5EA9-4698-8842-B953447617B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en my.activation.php3 en F5 FirePass v6.0.0 a 6.1.0 y v7.0.0 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro state."
    }
  ],
  "id": "CVE-2012-1777",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-05T14:55:05.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48455"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1026834"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201204-0135

Vulnerability from variot - Updated: 2023-12-18 13:53

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. FirePass is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following versions of FirePass are affected: 6.0 6.0.1 6.0.2 6.0.2.3 6.0.3 6.1 7.0. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch

TITLE: FirePass Unspecified SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA48455

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48455/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48455

RELEASE DATE: 2012-03-21

DISCUSS ADVISORY: http://secunia.com/advisories/48455/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/48455/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=48455

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in FirePass, which can be exploited by malicious people to conduct SQL injection attacks.

Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION: Install HF-377712-1.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0135",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "7.0.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "6.1.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "6.0.0 to  6.1.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.3"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.2"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.1"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0.2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "52653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "C. Schwarz of SEC Consult Vulnerability Lab",
    "sources": [
      {
        "db": "BID",
        "id": "52653"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-1777",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.5,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-1777",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-55058",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-1777",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-1777",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201204-070",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-55058",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-1777",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. FirePass is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nA successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nThe following versions of FirePass are affected:\n6.0\n6.0.1\n6.0.2\n6.0.2.3\n6.0.3\n6.1\n7.0. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nFirePass Unspecified SQL Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA48455\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48455/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48455\n\nRELEASE DATE:\n2012-03-21\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48455/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48455/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48455\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in FirePass, which can be exploited\nby malicious people to conduct SQL injection attacks. \n\nCertain unspecified input is not properly sanitised before being used\nin SQL queries. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nSOLUTION:\nInstall HF-377712-1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "db": "BID",
        "id": "52653"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1777"
      },
      {
        "db": "PACKETSTORM",
        "id": "111049"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-55058",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-1777",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "48455",
        "trust": 1.3
      },
      {
        "db": "PACKETSTORM",
        "id": "111276",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1026834",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "52653",
        "trust": 0.5
      },
      {
        "db": "VULHUB",
        "id": "VHN-55058",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1777",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111049",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1777"
      },
      {
        "db": "BID",
        "id": "52653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "db": "PACKETSTORM",
        "id": "111049"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ]
  },
  "id": "VAR-201204-0135",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:53:32.830000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SOL13463",
        "trust": 0.8,
        "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
      },
      {
        "trust": 2.1,
        "url": "https://www.sec-consult.com/files/20120328-0_f5_firepass_ssl_vpn_unauthenticated_remote_root_v1.0.txt"
      },
      {
        "trust": 1.2,
        "url": "http://seclists.org/fulldisclosure/2012/mar/324"
      },
      {
        "trust": 1.2,
        "url": "http://packetstormsecurity.org/files/111276/f5-firepass-ssl-vpn-6.x-7.x-sql-injection.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id?1026834"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/48455"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1777"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1777"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/firepass/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/89.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/52653"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/111276/f5-firepass-ssl-vpn-6.x-7.x-sql-injection.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/48455/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48455"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/48455/#comments"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1777"
      },
      {
        "db": "BID",
        "id": "52653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "db": "PACKETSTORM",
        "id": "111049"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1777"
      },
      {
        "db": "BID",
        "id": "52653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "db": "PACKETSTORM",
        "id": "111049"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "date": "2012-04-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-1777"
      },
      {
        "date": "2012-03-14T00:00:00",
        "db": "BID",
        "id": "52653"
      },
      {
        "date": "2012-04-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "date": "2012-03-21T07:16:23",
        "db": "PACKETSTORM",
        "id": "111049"
      },
      {
        "date": "2012-04-05T14:55:05.327000",
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "date": "2012-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55058"
      },
      {
        "date": "2018-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-1777"
      },
      {
        "date": "2012-03-28T23:30:00",
        "db": "BID",
        "id": "52653"
      },
      {
        "date": "2012-04-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      },
      {
        "date": "2018-01-06T02:29:38.050000",
        "db": "NVD",
        "id": "CVE-2012-1777"
      },
      {
        "date": "2012-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 FirePass of  my.activation.php3 In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001994"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "111049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-070"
      }
    ],
    "trust": 0.7
  }
}

GSD-2012-1777

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

Aliases

CVE-2012-1777

Aliases

CVE-2012-1777

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-1777",
    "description": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.",
    "id": "GSD-2012-1777",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2012-1777"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-1777"
      ],
      "details": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.",
      "id": "GSD-2012-1777",
      "modified": "2023-12-13T01:20:17.913956Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-1777",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "48455",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48455"
          },
          {
            "name": "firepass-state-sql-injection(74450)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
          },
          {
            "name": "firepass-unspecified-sql-injection(74198)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
          },
          {
            "name": "20120328 SEC Consult SA-20120328-0 :: F5 FirePass SSL VPN unauthenticated remote root through SQL injection - CVE-2012-1777",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
          },
          {
            "name": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html",
            "refsource": "CONFIRM",
            "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
          },
          {
            "name": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt",
            "refsource": "MISC",
            "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
          },
          {
            "name": "1026834",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1026834"
          },
          {
            "name": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:f5:firepass:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1777"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
            },
            {
              "name": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
            },
            {
              "name": "48455",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48455"
            },
            {
              "name": "20120328 SEC Consult SA-20120328-0 :: F5 FirePass SSL VPN unauthenticated remote root through SQL injection - CVE-2012-1777",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
            },
            {
              "name": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
            },
            {
              "name": "firepass-state-sql-injection(74450)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
            },
            {
              "name": "firepass-unspecified-sql-injection(74198)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
            },
            {
              "name": "1026834",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1026834"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-01-06T02:29Z",
      "publishedDate": "2012-04-05T14:55Z"
    }
  }
}

CERTA-2012-AVI-195

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans le produit F5 FirePass. Cette vulnérabilité est de type « injection SQL » et est accessible à distance sans authentification. Il est à noter que la base MySQL est exécutée avec les droits root et que les accès FILE sont activés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	F5	N/A	F5 FirePass version 6.0.0 à 6.1.0 ;
	F5	N/A	F5 FirePass 7.0.0.

References

Title

Publication Time

Tags

Bulletin de sécurité F5 sol13463 du 14 mars 2012	None	vendor-advisory
Bulletin de sécurité de F5 sol13463 du 14 mars 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "F5 FirePass version 6.0.0 \u00e0 6.1.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "F5 FirePass 7.0.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1777"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de F5 sol13463 du 14 mars 2012 :",
      "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
    }
  ],
  "reference": "CERTA-2012-AVI-195",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le produit \u003cspan class=\"textit\"\u003eF5\nFirePass\u003c/span\u003e. Cette vuln\u00e9rabilit\u00e9 est de type \u00ab injection SQL \u00bb et\nest accessible \u00e0 distance sans authentification. Il est \u00e0 noter que la\nbase \u003cspan class=\"textit\"\u003eMySQL\u003c/span\u003e est ex\u00e9cut\u00e9e avec les droits\n\u003cspan class=\"textit\"\u003eroot\u003c/span\u003e et que les acc\u00e8s \u003cspan\nclass=\"textit\"\u003eFILE\u003c/span\u003e sont activ\u00e9s.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans F5 FirePass",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 sol13463 du 14 mars 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-195

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	F5	N/A	F5 FirePass version 6.0.0 à 6.1.0 ;
	F5	N/A	F5 FirePass 7.0.0.

References

Title

Publication Time

Tags

Bulletin de sécurité F5 sol13463 du 14 mars 2012	None	vendor-advisory
Bulletin de sécurité de F5 sol13463 du 14 mars 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "F5 FirePass version 6.0.0 \u00e0 6.1.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "F5 FirePass 7.0.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1777"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de F5 sol13463 du 14 mars 2012 :",
      "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
    }
  ],
  "reference": "CERTA-2012-AVI-195",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le produit \u003cspan class=\"textit\"\u003eF5\nFirePass\u003c/span\u003e. Cette vuln\u00e9rabilit\u00e9 est de type \u00ab injection SQL \u00bb et\nest accessible \u00e0 distance sans authentification. Il est \u00e0 noter que la\nbase \u003cspan class=\"textit\"\u003eMySQL\u003c/span\u003e est ex\u00e9cut\u00e9e avec les droits\n\u003cspan class=\"textit\"\u003eroot\u003c/span\u003e et que les acc\u00e8s \u003cspan\nclass=\"textit\"\u003eFILE\u003c/span\u003e sont activ\u00e9s.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans F5 FirePass",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 sol13463 du 14 mars 2012",
      "url": null
    }
  ]
}

GHSA-VWR9-323F-JC7G

Vulnerability from github – Published: 2022-05-14 03:52 – Updated: 2022-05-14 03:52

Details

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-1777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-04-05T14:55:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.",
  "id": "GHSA-vwr9-323f-jc7g",
  "modified": "2022-05-14T03:52:48Z",
  "published": "2022-05-14T03:52:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1777"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74198"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74450"
    },
    {
      "type": "WEB",
      "url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2012/Mar/324"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48455"
    },
    {
      "type": "WEB",
      "url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026834"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-1777 (GCVE-0-2012-1777)

FKIE_CVE-2012-1777

VAR-201204-0135

GSD-2012-1777

CERTA-2012-AVI-195

Solution

CERTA-2012-AVI-195

Solution

GHSA-VWR9-323F-JC7G

Tags

Sightings

Nomenclature