CVE-2023-22657

Name of the Vulnerable Software and Affected Versions F5OS-A versions 1.2.0 through 1.2.x F5OS-C versions 1.3.0 through 1.4.x

Description The issue allows for command injection when processing F5OS tenant file names. This may potentially lead to unauthorized access or control. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For F5OS-A versions 1.2.0 through 1.2.x, update to a version after 1.2.x to resolve the issue. For F5OS-C versions 1.3.0 through 1.4.x, update to a version after 1.4.x to resolve the issue. As a temporary workaround, consider restricting access to F5OS tenant file names to minimize the risk of exploitation.