Last Modified: Oct 21, 2024
Affected Product(s):
F5OS F5OS-A, F5OS-C
Fixed In:
F5OS-A 1.8.0, F5OS-A 1.7.0
Opened: Sep 15, 2023 Severity: 3-Major
In F5OS systems, root and admin users are allowed to toggle the integrity-check option from the CLI. When in FIPS mode, integrity-check should always execute on system startup and when demanded. Since the integrity-check option is configurable, users can disable it which puts the integrity of the system at risk.
An admin or root user could access the CLI and disable integrity-check. This could replace files and packages which could impact the integrity of the system.
The configurable integrity-check option is visible when the device is in FIPS mode.
N/A
We have removed the enable/disable integrity-check option from the CLI.