F5OS-A FIPS HSM password vulnerability

When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

F5 F5OS 操作系统命令注入漏洞

F5 F5OS是F5公司的F5设备上运行的专有操作系统，用于支持其应用交付控制和安全性能的功能。 F5 F5OS存在操作系统命令注入漏洞，该漏洞源于使用包含特殊shell元字符的密码初始化FIPS硬件安全模块时可能导致初始化失败。

N/A

N/A