F5 has released version 1.1.0 of the F5OS CLI, which fixes this issue. F5 has released version 1.4.0 of the F5OS-C Web interface, which fixes this issue.
F5 has also released version 1.4.0 of the F5OS-A Web interface, which fixes this issue.
The following CVE has been assigned for this issue: CVE-2018-4193 F5 has determined there is no active threat of exploit. - Exploitation of directory traversal vulnerability requires a low skill level to pull off. - F5 recommends the F5 integrated solution with F5 BIG-IP APM or F5 FlexRemote instead of the F5OS CLI.
Overview of the Issue
Directory traversal vulnerabilities are a type of flaw in which certain directory traversal attacks can be performed using out-of-the-box credentials.
Description of F5 product line and version specific information
F5 has released version 1.1.0 of the F5OS CLI and F5OS-C Web interface, which fixes this issue.
F5 has also released version 1.4.0 of the F5OS-A Web interface, which fixes this issue.
Timeline
Published on: 10/19/2022 22:15:00 UTC
Last modified on: 10/24/2022 13:31:00 UTC