CVE-2023-22657 HIGH

CVE-2023-22657: F5OS vulnerability

Vendor F5

Product F5OS-A

Weakness CWE-77

Published February 1, 2023

Last update March 26, 2025

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

February 1, 2023 CVE published

March 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22657 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/77.html

Related vulnerabilities

Identifiers

CVE CVE-2023-22657

CWE CWE-77

CVSS 7.0 / HIGH

Affected versions

Vendor F5

Product F5OS-A

Affected ≥ 1.2.0 and < 1.3.0

Vendor F5

Product F5OS-C

Affected ≥ 1.3.0 and < 1.5.0

CVE-2023-22657: F5OS vulnerability

01Description

02Disclosure timeline

03References

04Related CVE