Lucene search

[email protected]CVE-2023-42768

HistoryOct 10, 2023 - 1:15 p.m.

CVE-2023-42768

2023-10-1013:15:21

CWE-613

[email protected]

web.nvd.nist.gov

cve-2023-42768

unauthorized access

non-admin user

icontrol rest

big-ip

security vulnerability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user’s role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5

f5big-ip_access_policy_managerRange15.1.0–15.1.9

f5big-ip_access_policy_managerRange16.1.0–16.1.4

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.9

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.4

f5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5

f5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5

f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.9

f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5

f5big-ip_analyticsRange15.1.0–15.1.9

f5big-ip_analyticsRange16.1.0–16.1.4

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange14.1.0–14.1.5

f5big-ip_application_acceleration_managerRange15.1.0–15.1.9

f5big-ip_application_acceleration_managerRange16.1.0–16.1.4

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5

f5big-ip_application_security_managerRange15.1.0–15.1.9

f5big-ip_application_security_managerRange16.1.0–16.1.4

f5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5

f5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5

f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.9

f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4

f5big-ip_carrier-grade_natRange13.1.0–13.1.5

f5big-ip_carrier-grade_natRange14.1.0–14.1.5

f5big-ip_carrier-grade_natRange15.1.0–15.1.9

f5big-ip_carrier-grade_natRange16.1.0–16.1.4

f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

f5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4

f5big-ip_domain_name_systemRange13.1.0–13.1.5

f5big-ip_domain_name_systemRange14.1.0–14.1.5

f5big-ip_domain_name_systemRange15.1.0–15.1.9

f5big-ip_domain_name_systemRange16.1.0–16.1.4

f5big-ip_edge_gatewayRange13.1.0–13.1.5

f5big-ip_edge_gatewayRange14.1.0–14.1.5

f5big-ip_edge_gatewayRange15.1.0–15.1.9

f5big-ip_edge_gatewayRange16.1.0–16.1.4

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5

f5big-ip_fraud_protection_serviceRange14.1.0–14.1.5

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.9

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.4

f5big-ip_global_traffic_managerRange13.1.0–13.1.5

f5big-ip_global_traffic_managerRange14.1.0–14.1.5

f5big-ip_global_traffic_managerRange15.1.0–15.1.9

f5big-ip_global_traffic_managerRange16.1.0–16.1.4

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5

f5big-ip_link_controllerRange15.1.0–15.1.9

f5big-ip_link_controllerRange16.1.0–16.1.4

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5

f5big-ip_local_traffic_managerRange15.1.0–15.1.9

f5big-ip_local_traffic_managerRange16.1.0–16.1.4

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.9

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.4

f5big-ip_ssl_orchestratorRange13.1.0–13.1.5

f5big-ip_ssl_orchestratorRange14.1.0–14.1.5

f5big-ip_ssl_orchestratorRange15.1.0–15.1.9

f5big-ip_ssl_orchestratorRange16.1.0–16.1.4

f5big-ip_webacceleratorRange13.1.0–13.1.5

f5big-ip_webacceleratorRange14.1.0–14.1.5

f5big-ip_webacceleratorRange15.1.0–15.1.9

f5big-ip_webacceleratorRange16.1.0–16.1.4

f5big-ip_websafeRange13.1.0–13.1.5

f5big-ip_websafeRange14.1.0–14.1.5

f5big-ip_websafeRange15.1.0–15.1.9

f5big-ip_websafeRange16.1.0–16.1.4

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managerle13.1.5
f5:big-ip_access_policy_managerf5 big-ip access policy managerle14.1.5
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt15.1.9
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt16.1.4
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerle13.1.5
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerle14.1.5
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerlt15.1.9
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerlt16.1.4
f5:big-ip_advanced_web_application_firewallf5 big-ip advanced web application firewallle13.1.5
f5:big-ip_advanced_web_application_firewallf5 big-ip advanced web application firewallle14.1.5

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	13.1.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	14.1.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	15.1.9
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	16.1.4
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	le	13.1.5
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	le	14.1.5
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	lt	15.1.9
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	lt	16.1.4
f5:big-ip_advanced_web_application_firewall	f5 big-ip advanced web application firewall	le	13.1.5
f5:big-ip_advanced_web_application_firewall	f5 big-ip advanced web application firewall	le	14.1.5

Rows per page:

1-10 of 761

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "All Modules"
    ],
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "17.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.1.4",
        "status": "affected",
        "version": "16.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "15.1.9",
        "status": "affected",
        "version": "15.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "14.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "semver"
      }
    ]
  }
]