131 matches found
CVE-2025-43878
In F5OS-A/C, the CVE-2025-43878 issue affects Appliance mode: an authenticated user with Administrator/Resource Administrator rights can bypass Appliance mode restrictions using the system diagnostics tcpdump command. Vulnerable mappings show F5OS-A versions 1.5.1–1.5.3 and F5OS-C versions 1.6.0–...
CVE-2025-43878 F5OS-A/C CLI vulnerability
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of...
CVE-2025-43878 F5OS-A/C CLI vulnerability
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of...
CVE-2025-36546
CVE-2025-36546 affects F5OS (Aplpliance mode) where SSH key-based login remains allowed for the root user even after Appliance Mode is enabled, enabling potential unauthorized access if an attacker possesses the root SSH private key. The F5 advisories/Red Hat/NCSC entries describe the issue as a ...
K000140574: F5OS Appliance Mode vulnerability CVE-2025-36546
Security Advisory Description On an F5OS system, if the root user configures the system to allow login using SSH key-based authentication and later enables appliance mode, the system still allows access using SSH key-based authentication. For an attacker to exploit this vulnerability they must...
K000139503: F5OS vulnerability CVE-2025-46265
Security Advisory Description On F5OS, an improper authorization vulnerability exists where remotely authenticated users LDAP, RADIUS, TACACS+ may be authorized with higher privilege F5OS roles. CVE-2025-46265 Impact This vulnerability may allow a remote, authenticated attacker to be unexpectedly...
K000139502: F5OS vulnerability CVE-2025-43878
Security Advisory Description When running in appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-A/C system. CVE-2025-43878 Impact In...
PT-2025-20304 · F5 · F5Os
Name of the Vulnerable Software and Affected Versions: F5OS affected versions not specified Description: The issue allows access via SSH key-based authentication even after Appliance Mode is enabled, if the root user had previously configured the system to allow such login. An attacker would need...
PT-2025-20311 · F5 · F5Os
Name of the Vulnerable Software and Affected Versions: F5OS affected versions not specified Description: An improper authorization issue exists where remotely authenticated users, such as those using LDAP, RADIUS, or TACACS+, may be granted higher privilege F5OS roles than intended...
F5 F5OS 安全漏洞
F5 F5OS is a proprietary operating system that runs on F5 Corporation's F5 appliances to support its application delivery control and security features. A security vulnerability exists in F5 F5OS that stems from SSH key authentication bypass...
PT-2025-20310 · F5 · F5Os-C/A
Name of the Vulnerable Software and Affected Versions: F5OS-C/A affected versions not specified Description: The issue allows an authenticated attacker with the Administrator or Resource Administrator role to bypass Appliance mode restrictions on a F5OS-C/A system when running in Appliance mode...
K000138966: Intel Xeon CPU vulnerability CVE-2023-23908
Security Advisory Description Improper access control in some 3rd Generation IntelR XeonR Scalable processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2023-23908 Impact This vulnerability may allow a privileged user to enable information...
CVE-2024-24966
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-24966
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-23607
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-23607
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Directory traversal
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Authentication flaw
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-24966 F5OS vulnerability
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-24966 F5OS vulnerability
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...