Details of VAR-200706-0315

ID

VAR-200706-0315

CVE

CVE-2007-3097

TITLE

F5 FirePass 4100 SSL VPN of my.activation.php3 In the file Username An arbitrary shell command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-002156

DESCRIPTION

my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. F5 Firepass 4100 SSL VPN is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands on the affected device. Successful attacks will compromise the device. F5 FirePass SSL VPN devices allow users to securely connect to critical business applications

Trust: 1.98

sources: NVD: CVE-2007-3097 // JVNDB: JVNDB-2007-002156 // BID: 24306 // VULHUB: VHN-26459

AFFECTED PRODUCTS

vendor:	f5	model:	firepass 4100	scope:	eq	version:	*	Trust: 1.0
vendor:	f5	model:	firepass 4100	scope:	eq	version:	ssl vpn	Trust: 0.8
vendor:	f5	model:	firepass 4100	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	firepass	scope:	eq	version:	41000	Trust: 0.3

sources: BID: 24306 // JVNDB: JVNDB-2007-002156 // CNNVD: CNNVD-200706-065 // NVD: CVE-2007-3097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3097
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-3097
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200706-065
value:	HIGH
Trust: 0.6
VULHUB:	VHN-26459
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-3097
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-26459
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26459 // JVNDB: JVNDB-2007-002156 // CNNVD: CNNVD-200706-065 // NVD: CVE-2007-3097

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-065

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200706-065

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002156

PATCH

title:

Top Page

url:

http://www.f5.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002156

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3097	Trust: 2.8
db:	BID	id:	24306	Trust: 2.0
db:	OSVDB	id:	35246	Trust: 1.7
db:	SECTRACK	id:	1018190	Trust: 1.7
db:	VUPEN	id:	ADV-2007-2073	Trust: 1.7
db:	SECUNIA	id:	25563	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002156	Trust: 0.8
db:	BUGTRAQ	id:	20070604 S21SEC-035: F5 FIREPASS COMMAND EXECUTION VULNERABILITY	Trust: 0.6
db:	XF	id:	34708	Trust: 0.6
db:	CNNVD	id:	CNNVD-200706-065	Trust: 0.6
db:	VULHUB	id:	VHN-26459	Trust: 0.1

sources: VULHUB: VHN-26459 // BID: 24306 // JVNDB: JVNDB-2007-002156 // CNNVD: CNNVD-200706-065 // NVD: CVE-2007-3097

REFERENCES

url:	http://www.securityfocus.com/bid/24306	Trust: 1.7
url:	http://www.s21sec.com/avisos/s21sec-035-en.txt	Trust: 1.7
url:	http://www.osvdb.org/35246	Trust: 1.7
url:	http://www.securitytracker.com/id?1018190	Trust: 1.7
url:	http://secunia.com/advisories/25563	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/470444/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/2073	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/34708	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3097	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3097	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/34708	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/470444/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/2073	Trust: 0.6
url:	https://downloads.f5.com/esd/index.jsp	Trust: 0.3
url:	http://www.f5.com/	Trust: 0.3
url:	/archive/1/470444	Trust: 0.3

sources: VULHUB: VHN-26459 // BID: 24306 // JVNDB: JVNDB-2007-002156 // CNNVD: CNNVD-200706-065 // NVD: CVE-2007-3097

CREDITS

Leonardo Nve※ lnve@s21sec.com※Alberto Moro※ amoro@s21sec.com

Trust: 0.6

sources: CNNVD: CNNVD-200706-065

SOURCES

db:	VULHUB	id:	VHN-26459
db:	BID	id:	24306
db:	JVNDB	id:	JVNDB-2007-002156
db:	CNNVD	id:	CNNVD-200706-065
db:	NVD	id:	CVE-2007-3097

LAST UPDATE DATE

2024-08-14T13:39:09.612000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-26459	date:	2018-10-16T00:00:00
db:	BID	id:	24306	date:	2015-05-07T17:37:00
db:	JVNDB	id:	JVNDB-2007-002156	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-065	date:	2007-06-07T00:00:00
db:	NVD	id:	CVE-2007-3097	date:	2018-10-16T16:47:27.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-26459	date:	2007-06-06T00:00:00
db:	BID	id:	24306	date:	2007-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2007-002156	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-065	date:	2007-06-06T00:00:00
db:	NVD	id:	CVE-2007-3097	date:	2007-06-06T22:30:00