Lucene search
HistoryOct 10, 2023 - 1:15 p.m.
CVE-2023-41964
cve-2023-41964
big-ip
big-iq
database
information security
encryption
nvd
vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5
ORf5big-ip_access_policy_managerRange15.1.0–15.1.9
ORf5big-ip_access_policy_managerRange16.1.0–16.1.4
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.5
ORf5big-ip_advanced_firewall_managerRange15.1.0–15.1.9
ORf5big-ip_advanced_firewall_managerRange16.1.0–16.1.4
ORf5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5
ORf5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5
ORf5big-ip_advanced_web_application_firewallRange15.1.0–15.1.9
ORf5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5
ORf5big-ip_analyticsRange15.1.0–15.1.9
ORf5big-ip_analyticsRange16.1.0–16.1.4
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange14.1.0–14.1.5
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.9
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.4
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5
ORf5big-ip_application_security_managerRange15.1.0–15.1.9
ORf5big-ip_application_security_managerRange16.1.0–16.1.4
ORf5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5
ORf5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5
ORf5big-ip_application_visibility_and_reportingRange15.1.0–15.1.9
ORf5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4
ORf5big-ip_carrier-grade_natRange13.1.0–13.1.5
ORf5big-ip_carrier-grade_natRange14.1.0–14.1.5
ORf5big-ip_carrier-grade_natRange15.1.0–15.1.9
ORf5big-ip_carrier-grade_natRange16.1.0–16.1.4
ORf5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
ORf5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5
ORf5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9
ORf5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4
ORf5big-ip_domain_name_systemRange13.1.0–13.1.5
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5
ORf5big-ip_domain_name_systemRange15.1.0–15.1.9
ORf5big-ip_domain_name_systemRange16.1.0–16.1.4
ORf5big-ip_edge_gatewayRange13.1.0–13.1.5
ORf5big-ip_edge_gatewayRange14.1.0–14.1.5
ORf5big-ip_edge_gatewayRange15.1.0–15.1.9
ORf5big-ip_edge_gatewayRange16.1.0–16.1.4
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange14.1.0–14.1.5
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.9
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.4
ORf5big-ip_global_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_global_traffic_managerRange14.1.0–14.1.5
ORf5big-ip_global_traffic_managerRange15.1.0–15.1.9
ORf5big-ip_global_traffic_managerRange16.1.0–16.1.4
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5
ORf5big-ip_link_controllerRange15.1.0–15.1.9
ORf5big-ip_link_controllerRange16.1.0–16.1.4
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.9
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.4
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.9
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.4
ORf5big-ip_ssl_orchestratorRange13.1.0–13.1.5
ORf5big-ip_ssl_orchestratorRange14.1.0–14.1.5
ORf5big-ip_ssl_orchestratorRange15.1.0–15.1.9
ORf5big-ip_ssl_orchestratorRange16.1.0–16.1.4
ORf5big-ip_webacceleratorRange13.1.0–13.1.5
ORf5big-ip_webacceleratorRange14.1.0–14.1.5
ORf5big-ip_webacceleratorRange15.1.0–15.1.9
ORf5big-ip_webacceleratorRange16.1.0–16.1.4
ORf5big-ip_websafeRange13.1.0–13.1.5
ORf5big-ip_websafeRange14.1.0–14.1.5
ORf5big-ip_websafeRange15.1.0–15.1.9
ORf5big-ip_websafeRange16.1.0–16.1.4
ORf5big-iq_centralized_managementRange8.0.0–8.3.0
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17.1.0",
"versionType": "semver"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "15.1.9",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"Centralized Management"
],
"product": "BIG-IQ",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThan": "8.2.0.1.0.13.97-ENG",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"lessThan": "8.3.0.0.12.118-ENG",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
}
]
}
]References
Related
f5
f5
K20850144 : BIG-IP and BIG-IQ DB variable vulnerability CVE-2023-41964
2023-10-10 00:00:00
K000137053 : Overview of F5 vulnerabilities (October 2023)
2023-10-10 00:00:00
nvd
nvd
CVE-2023-41964
2023-10-10 13:15:21
nessus
nessus
F5 Networks BIG-IP : BIG-IP and BIG-IQ DB Variable Vulnerability (K20850144)
2023-10-13 00:00:00
cvelist
cvelist
CVE-2023-41964 BIG-IP and BIG-IQ Database Variable vulnerability
2023-10-10 12:33:51
prion
prion
Design/Logic Flaw
2023-10-10 13:15:00
cnvd
cnvd
F5 BIG-IP Sensitive Information Plaintext Storage Vulnerability
2023-10-11 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%
Related for CVE-2023-41964