When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions by using the system diagnostics tcpdump command utility on an F5OS-C/A system. Note: Software versions that have reached End of Technical Support (EoTS) are not evaluated.
Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.
https://cwe.mitre.org/data/definitions/149.html

An attacker makes use of Cascading Style Sheets (CSS) injection to steal data cross domain from the victim's browser. The attack works by abusing the standards relating to loading of CSS:

1. Send cookies on any load of CSS (including cross-domain).
2. When parsing returned CSS, ignore all data that does not make sense before a valid CSS descriptor is found by the CSS parser.

https://capec.mitre.org/data/definitions/468.html

| Product | Vendor | Status |
|---|---|---|
| f5os-a | * | Tracked |
| f5os-c | * | Tracked |