CVE-2023-22657

CWE-77Command Injection4 documents4 sources
Severity
7.8HIGH
EPSS
0.3%
top 44.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 F5os-aF5 F5os-c
Timeline
PublishedFeb 1

Description

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

CVEListV5f5/f5os-a1.2.01.3.0
CVEListV5f5/f5os-c1.3.01.5.0
NVDf5/f5os-a1.2.01.3.0
NVDf5/f5os-c1.3.01.5.0

🔴Vulnerability Details

2
GHSA
GHSA-w3xq-cm43-cgpm: On F5OS-A beginning in version 12023-02-01
CVEList
F5OS vulnerability2023-02-01

📋Vendor Advisories

1
F5
CVE-2023-22657: On F5OS-A beginning in version 12023-02-01
CVE-2023-22657 (HIGH CVSS 7.8) | On F5OS-A beginning in version 1.2. | cvebase.io