CVE-2024-23607

CWE-22 — Path Traversal4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 61.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 F5os - Appliance F5 F5os - Chassis F5 F5os-a +1 more

Timeline

PublishedFeb 14

Description

A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDf5/f5os-a1.3.0 — 1.4.0

▶NVDf5/f5os-c1.3.0 — 1.6.0

▶CVEListV5f5/f5os_-_chassis1.3.0 — 1.6.0

▶CVEListV5f5/f5os_-_appliance1.3.0 — 1.4.0

🔴Vulnerability Details

GHSA

GHSA-cpp3-849q-7wmj: A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory↗2024-02-14

▶

CVEList

F5OS QKView utility vulnerability↗2024-02-14

▶

📋Vendor Advisories

CVE-2024-23607: A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read f...↗2024-02-14

▶