Lucene search

F5CVELIST:CVE-2022-41835

HistoryOct 19, 2022 - 12:00 a.m.

CVE-2022-41835 F5OS vulnerability CVE-2022-41835

2022-10-1900:00:00

CWE-269

www.cve.org

cve-2022-41835

f5os

vulnerability

local attacker

execute commands

file permissions

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

8.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.

CNA Affected

[
  {
    "vendor": "F5",
    "product": "F5OS-A",
    "versions": [
      {
        "version": "1.x",
        "status": "affected",
        "lessThan": "1.1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "F5",
    "product": "F5OS-C",
    "versions": [
      {
        "version": "1.x",
        "status": "affected",
        "lessThan": "1.5.0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.f5.com/csp/article/K33484483

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

8.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-41835