CVE-2022-41835

CWE-269Improper Privilege Management4 documents4 sources
Severity
8.8HIGH
EPSS
0.1%
top 83.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 F5os-aF5 F5os-c
Timeline
PublishedOct 19
Latest updateOct 20

Description

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:HExploitability: 2.0 | Impact: 4.7

Affected Packages4 packages

CVEListV5f5/f5os-a1.x1.1.0
CVEListV5f5/f5os-c1.x1.5.0
NVDf5/f5os-a1.0.01.1.0
NVDf5/f5os-c< 1.5.0

🔴Vulnerability Details

2
GHSA
GHSA-29qx-4rqj-787m: In F5OS-A version 12022-10-20
CVEList
F5OS vulnerability CVE-2022-418352022-10-19

📋Vendor Advisories

1
F5
CVE-2022-41835: In F5OS-A version 12022-10-19
CVE-2022-41835 (HIGH CVSS 8.8) | In F5OS-A version 1.x before 1.1.0 | cvebase.io