Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

F5OS-A

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2023-22657
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-7||HIGH
EPSS-0.17% / 38.49%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:56
Updated-26 Mar, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
F5OS vulnerability

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-f5os-af5os-cF5OS-AF5OS-C
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-41835
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-7.3||HIGH
EPSS-0.05% / 13.99%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:24
Updated-07 May, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
F5OS vulnerability CVE-2022-41835

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.

Action-Not Available
Vendor-F5, Inc.
Product-f5os-af5os-cF5OS-AF5OS-C
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-41780
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.64%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:22
Updated-08 May, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
F5OS CLI vulnerability CVE-2022-41780

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files.

Action-Not Available
Vendor-F5, Inc.
Product-f5os-af5os-cF5OS-CF5OS-A
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-25990
Assigner-F5, Inc.
ShareView Details
Assigner-F5, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.31%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:22
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-f5os-aF5OS-A
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor