First published: Thu Jan 11 2007(Updated: )
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
F5 FirePass SSL VPN | =5.4 | |
F5 FirePass SSL VPN | =5.4.1 | |
F5 FirePass SSL VPN | =5.4.2 | |
F5 FirePass SSL VPN | =5.4.3 | |
F5 FirePass SSL VPN | =5.4.4 | |
F5 FirePass SSL VPN | =5.4.5 | |
F5 FirePass SSL VPN | =5.4.6 | |
F5 FirePass SSL VPN | =5.4.7 | |
F5 FirePass SSL VPN | =5.4.8 | |
F5 FirePass SSL VPN | =5.4.9 | |
F5 FirePass SSL VPN | =5.5 | |
F5 FirePass SSL VPN | =5.5.1 | |
F5 FirePass SSL VPN | =5.5.2 | |
F5 FirePass SSL VPN | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-0188 is rated as a high-severity vulnerability due to potential unauthorized access to the F5 FirePass administrator console.
To fix CVE-2007-0188, it is recommended to apply the latest patches available for the affected versions of F5 FirePass.
CVE-2007-0188 affects F5 FirePass versions 5.4 through 5.5.1, including specific releases like 5.4.7, 5.4.8, and 6.0.
Yes, CVE-2007-0188 can be exploited remotely by authenticated users to bypass host access restrictions.
A dotless IP address refers to a single integer representation of an IP address that is improperly handled by the F5 FirePass, leading to security vulnerabilities.