Bug ID 1240565: Not allowing special characters "/*!<>^,/" in SNMP community/user/target name

Last Modified: May 29, 2024

Affected Product(s):
F5OS F5OS-A, F5OS-C(all modules)

Known Affected Versions:
F5OS-A 1.2.0

Fixed In:
F5OS-C 1.6.0, F5OS-A 1.7.0, F5OS-A 1.5.2

Opened: Feb 15, 2023

Severity: 3-Major

Symptoms

Currently, we are allowing all characters to configure SNMP community/target/user. Because of that someone can use this configuration to inject script and system can be compromised.

Impact

We are allowing all characters to configure SNMP community/target/user. Because of that someone can use this configuration to inject script and system can be compromised.

Conditions

Try to configure SNMP community/target/user with below command: r10900-1(config)# system snmp communities community <script>alert(1)</script config security-model v2c r10900-1(config-community-<script>alert(1)</script)# commit Commit complete. r10900-1(config-community-<script>alert(1)</script)# r10900-1# show running-config system snmp system snmp engine-id config value mac system snmp communities community <script>alert(1)</script config security-model [ v2c ]

Workaround

N/A

Fix Information

We are restricting special characters /*!<>^,/ (identified as invalid input) as SNMP community/target/user name configuration. Note: Upgrade will fail if user already has SNMP configuration with restricting special characters /*!<>^,/

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips