Last Modified: Aug 01, 2024
Affected Product(s):
F5OS F5OS-A, F5OS-C
Known Affected Versions:
F5OS-A 1.2.0
Fixed In:
F5OS-C 1.6.0, F5OS-A 1.7.0, F5OS-A 1.5.2
Opened: Feb 15, 2023
Severity: 3-Major
Currently, all characters are allowed when configuring an SNMP community/target/user. As a result, someone can use this configuration to inject a script, and the system can be compromised.
All characters are allowed when configuring an SNMP community/target/user. As a result, someone can use this configuration to inject a script, and the system can be compromised.
Try to configure an SNMP community/target/user with the command below:

r10900-1(config)# system snmp communities community <script>alert(1)</script config security-model v2c
r10900-1(config-community-<script>alert(1)</script)# commit
Commit complete.
r10900-1(config-community-<script>alert(1)</script)#
r10900-1# show running-config system snmp
system snmp engine-id config value mac
system snmp communities community <script>alert(1)</script config security-model [ v2c ]
N/A
The special characters /*!<>^,/ are now restricted (identified as invalid input) in SNMP community/target/user name configuration.

Note: Upgrade will fail if the user already has an SNMP configuration containing the restricted special characters /*!<>^,/
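
A pre-upgrade check for the note above, as an added example that is not F5's code: it scans saved `show running-config system snmp` output for community/target/user names containing the restricted characters. It assumes "/" is itself part of the restricted set and that targets and users use the same line shape the page shows for communities; the sample configuration is constructed.

```python
import re

# Characters the fix rejects, taken from the advisory's "/*!<>^,/" string.
# Assumption: "/" is a restricted character, not only a delimiter.
RESTRICTED = set("/*!<>^,")

# Assumption: targets and users are listed as "system snmp <list> <kind> <name>",
# the same shape the page shows for communities.
ENTRY_RE = re.compile(
    r"^\s*system snmp (?:communities|targets|users) (community|target|user)\s+(\S+)"
)


def find_restricted_names(running_config: str):
    """Return (kind, name, offending_chars) for every SNMP community, target
    or user whose name contains a restricted character."""
    findings = []
    for line in running_config.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # engine-id and other non-entry lines
        kind, name = match.groups()
        bad = sorted(RESTRICTED.intersection(name))
        if bad:
            findings.append((kind, name, "".join(bad)))
    return findings


# Constructed sample: the first two lines follow the page's output; the
# remaining entries are made up for illustration.
SAMPLE = """\
system snmp engine-id config value mac
system snmp communities community <script>alert(1)</script config security-model [ v2c ]
system snmp communities community monitoring-ro config security-model [ v2c ]
system snmp targets target nms,backup
system snmp users user snmpv3-ops
"""

if __name__ == "__main__":
    for kind, name, bad in find_restricted_names(SAMPLE):
        print(f"{kind} {name!r} contains restricted character(s): {bad}")
```

Any entry it reports needs to be renamed or removed before upgrading to a fixed version.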