F5OS vulnerability
CVE-2023-22657

7HIGH

Key Information:

Vendor: F5
Status: F5os-a; F5os-c
Vendor: CVE Published:; 1 February 2023

What is CVE-2023-22657?

A command injection vulnerability has been identified in F5OS-A and F5OS-C products, allowing attackers to manipulate file name inputs and execute arbitrary commands. This security flaw affects versions of F5OS-A from 1.2.0 to just before 1.3.0, and F5OS-C from 1.3.0 up to but not including 1.5.0. Users are urged to review their affected systems and implement the necessary updates to mitigate possible security risks.

Affected Version(s)

F5OS-A 1.2.0 < 1.3.0

F5OS-C 1.3.0 < 1.5.0

References

https://my.f5.com/manage/s/article/K06345931

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Jan 13, 2023