Lucene search
HistoryAug 02, 2023 - 4:15 p.m.
CVE-2023-38419
cve-2023-38419
icontrol soap
authenticated attacker
software vulnerability
nvd
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.4%
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5.5
ORf5big-ip_access_policy_managerRange15.1.0–15.1.9.1
ORf5big-ip_access_policy_managerRange16.1.0–16.1.3.5
ORf5big-ip_access_policy_managerRange17.0.0–17.1.0.2
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.5
ORf5big-ip_advanced_firewall_managerRange15.1.0–15.1.9.1
ORf5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.5
ORf5big-ip_advanced_firewall_managerRange17.0.0–17.1.0.2
ORf5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5
ORf5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5.5
ORf5big-ip_advanced_web_application_firewallRange15.1.0–15.1.9.1
ORf5big-ip_advanced_web_application_firewallRange16.1.0–16.1.3.5
ORf5big-ip_advanced_web_application_firewallRange17.0.0–17.1.0.2
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5.5
ORf5big-ip_analyticsRange15.1.0–15.1.9.1
ORf5big-ip_analyticsRange16.1.0–16.1.3.5
ORf5big-ip_analyticsRange17.0.0–17.1.0.2
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange14.1.0–14.1.5.5
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.9.1
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.3.5
ORf5big-ip_application_acceleration_managerRange17.0.0–17.1.0.2
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5.5
ORf5big-ip_application_security_managerRange15.1.0–15.1.9.1
ORf5big-ip_application_security_managerRange16.1.0–16.1.3.5
ORf5big-ip_application_security_managerRange17.0.0–17.1.0.2
ORf5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5
ORf5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5.5
ORf5big-ip_application_visibility_and_reportingRange15.1.0–15.1.9.1
ORf5big-ip_application_visibility_and_reportingRange16.1.0–16.1.3.5
ORf5big-ip_application_visibility_and_reportingRange17.0.0–17.1.0.2
ORf5big-ip_carrier-grade_natRange13.1.0–13.1.5
ORf5big-ip_carrier-grade_natRange14.1.0–14.1.5.5
ORf5big-ip_carrier-grade_natRange15.1.0–15.1.9.1
ORf5big-ip_carrier-grade_natRange16.1.0–16.1.3.5
ORf5big-ip_carrier-grade_natRange17.0.0–17.1.0.2
ORf5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
ORf5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.5
ORf5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9.1
ORf5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.5
ORf5big-ip_ddos_hybrid_defenderRange17.0.0–17.1.0.2
ORf5big-ip_domain_name_systemRange13.1.0–13.1.5
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5.5
ORf5big-ip_domain_name_systemRange15.1.0–15.1.9.1
ORf5big-ip_domain_name_systemRange16.1.0–16.1.3.5
ORf5big-ip_domain_name_systemRange17.0.0–17.1.0.2
ORf5big-ip_edge_gatewayRange13.1.0–13.1.5
ORf5big-ip_edge_gatewayRange14.1.0–14.1.5.5
ORf5big-ip_edge_gatewayRange15.1.0–15.1.9.1
ORf5big-ip_edge_gatewayRange16.1.0–16.1.3.5
ORf5big-ip_edge_gatewayRange17.0.0–17.1.0.2
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange14.1.0–14.1.5.5
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.9.1
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.5
ORf5big-ip_fraud_protection_serviceRange17.0.0–17.1.0.2
ORf5big-ip_global_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_global_traffic_managerRange14.1.0–14.1.5.5
ORf5big-ip_global_traffic_managerRange15.1.0–15.1.9.1
ORf5big-ip_global_traffic_managerRange16.1.0–16.1.3.5
ORf5big-ip_global_traffic_managerRange17.0.0–17.1.0.2
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5.5
ORf5big-ip_link_controllerRange15.1.0–15.1.9.1
ORf5big-ip_link_controllerRange16.1.0–16.1.3.5
ORf5big-ip_link_controllerRange17.0.0–17.1.0
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5.5
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.9.1
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.3.5
ORf5big-ip_local_traffic_managerRange17.0.0–17.1.0.2
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.5
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.9.1
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.5
ORf5big-ip_policy_enforcement_managerRange17.0.0–17.1.0.2
ORf5big-ip_ssl_orchestratorRange13.1.0–13.1.5
ORf5big-ip_ssl_orchestratorRange14.1.0–14.1.5.5
ORf5big-ip_ssl_orchestratorRange15.1.0–15.1.9.1
ORf5big-ip_ssl_orchestratorRange16.1.0–16.1.3.5
ORf5big-ip_ssl_orchestratorRange17.0.0–17.1.0.2
ORf5big-ip_webacceleratorRange13.1.0–13.1.5
ORf5big-ip_webacceleratorRange14.1.0–14.1.5.5
ORf5big-ip_webacceleratorRange15.1.0–15.1.9.1
ORf5big-ip_webacceleratorRange16.1.0–16.1.3.5
ORf5big-ip_webacceleratorRange17.0.0–17.1.0.2
ORf5big-ip_websafeRange13.1.0–13.1.5
ORf5big-ip_websafeRange14.1.0–14.1.5.5
ORf5big-ip_websafeRange15.1.0–15.1.9.1
ORf5big-ip_websafeRange16.1.0–16.1.3.5
ORf5big-ip_websafeRange17.0.0–17.1.0.2
ORf5big-iq_centralized_managementRange8.2.0–8.3.0
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.0.2",
"status": "affected",
"version": "17.1.0",
"versionType": "semver"
},
{
"lessThan": "16.1.3.5",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "15.1.9.1",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "14.1.5.5",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unknown",
"product": "BIG-IQ",
"vendor": "F5",
"versions": [
{
"changes": [
{
"at": "Hotfix-BIG-IQ-8.2.0.1.0.10.97-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Hotfix-BIG-IQ-8.3.0.0.4.118-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
}
]
}
]References
Related
f5
f5
K000133472 : BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2023-38419
2023-08-02 00:00:00
K000135479 : Overview of F5 vulnerabilities (August 2023)
2023-08-02 00:00:00
nvd
nvd
CVE-2023-38419
2023-08-02 16:15:10
prion
prion
Code injection
2023-08-02 16:15:00
cnvd
cnvd
F5 BIG-IP and BIG-IQ Centralized Management Denial of Service Vulnerability
2023-08-07 00:00:00
nessus
nessus
cvelist
cvelist
CVE-2023-38419 BIG-IP and BIG-IQ iControl SOAP vulnerability
2023-08-02 15:55:27
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.4%
Related for CVE-2023-38419