Описание
When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.5.1 (включая) до 1.5.4 (исключая)
Одно из
cpe:2.3:o:f5:f5os-a:*:*:*:*:*:*:*:*
cpe:2.3:o:f5:f5os-a:1.8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
4.6 Medium
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 5.7
github
4 месяца назад
When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
EPSS
Процентиль: 12%
0.0004
Низкий
4.6 Medium
CVSS3
Дефекты
CWE-78