Command injection

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

CVE-2023-23777

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

CVE-2023-23777

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

K04234247: Resource Administrator or Administrator role authenticated local command execution vulnerability CVE-2021-23012

Security Advisory Description Lack of input validation for items used in system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. CVE-2021-23012 Impact In a standard BIG-IP deployment, a minor...

CVE-2021-23012

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash...

F5 Networks BIG-IP : iControl REST vulnerability (K44885536)

Undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. Thevulnerability allows bypass of Appliance mode security on BIG-IP systems by allowing the execution of arbitrary...