Historically, some versions of the FirePass SSL VPN failed to sanitize input or validate the source of a request. Attackers could trick an authenticated user into clicking a link that executed actions in their session before "hanging up."
Vulnerable F5 FirePass 6.0.2 hotfix 3 installations.
Scanner HTTP requests redirect to /vdesk/hangup.php3 - My F5
Because the administrator is authenticated, the script can execute actions with administrative privileges, such as changing configurations or stealing session cookies. (Exploit-DB)

Modern Risks
Last updated: May 2026 – Reflects current exploit variations and mitigation best practices.
The proof-of-concept (PoC) circulating on niche exploit forums is rudimentary. It relies on a specific user-agent string and a null-byte injection in the call_id parameter.