CVE-2023-22657
HIGHF5OS-A 1.2.0-1.2.9 and F5OS-C 1.3.0-1.4.9 - OS Command Injection via Tenant File Name Processing
Title source: llmDescription
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (1)
Core 1
Core References
Vendor Advisory
https://my.f5.com/manage/s/article/K06345931
Scores
CVSS v3
7.0
EPSS
0.0033
EPSS Percentile
56.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (2)
f5/f5os-a
1.2.0 - 1.3.0
f5/f5os-c
1.3.0 - 1.5.0
Published
Feb 01, 2023
Tracked Since
Feb 18, 2026