On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XF5 F5os A
OSF51.5.1 – 1.5.3 (bez)F5 F5os C
OSF51.6.0 – 1.6.2
Related vulnerabilities
When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic...
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access...
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access ...
When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in S...
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator...