F5OS: Auth Local Exec via Excessive File Perms in F5OS-A<1.1, F5OS-C<1.5
CVE-2022-41835 Published on October 19, 2022

F5OS vulnerability CVE-2022-41835
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.

NVD

Vulnerability Analysis

CVE-2022-41835 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
HIGH

Weakness Type

Improper Privilege Management

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.


Products Associated with CVE-2022-41835

stack.watch emails you whenever new vulnerabilities are published in F5 Networks F5os A or F5 Networks F5os C. Just hit a watch button to start following.

F5 Networks F5os A
 
F5 Networks F5os C
 

Affected Versions

F5OS-A: F5OS-C:

Exploit Probability

EPSS
0.05%
Percentile
16.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.