First published: Wed Apr 04 2012(Updated: )
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
F5 FirePass SSL VPN | =6.0 | |
F5 FirePass SSL VPN | =6.1.0 | |
F5 FirePass SSL VPN | =7.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-2053 is considered a high severity vulnerability due to its potential to allow local users to gain root privileges without a password.
To fix CVE-2012-2053, ensure that the sudoers file requires a password for executing commands as root and apply the necessary patches for F5 FirePass.
CVE-2012-2053 affects F5 FirePass versions 6.0.0 through 6.1.0 and 7.0.0.
Local users can exploit CVE-2012-2053 to execute commands with root privileges without authentication, posing a significant security risk.
A possible workaround for CVE-2012-2053 is to manually modify the sudoers file to enforce password prompts for all sudo commands.