Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistF5CVELIST:CVE-2023-22326
HistoryFeb 01, 2023 - 5:53 p.m.

CVE-2023-22326 iControl REST and tmsh vulnerability

2023-02-0117:53:45
CWE-732
f5
www.cve.org
vulnerability
icontrol rest
tmsh
big-ip
big-iq
permission assignment
authenticated attacker
sensitive information

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.8%

JSON

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "All modules"
    ],
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "17.0.0.2",
        "status": "affected",
        "version": "17.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.1.3.3",
        "status": "affected",
        "version": "16.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "15.1.8.1",
        "status": "affected",
        "version": "15.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "14.1.5.3",
        "status": "affected",
        "version": "14.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "BIG-IQ Centralized Management",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "7.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Related

cve 1
cnvd 1
f5 2
nessus 1
nvd 1
prion 1
cve
cve
CVE-2023-22326
2023-02-01 18:15:10
cnvd
cnvd
F5 iControl REST and TMSH Privilege Management Improper Vulnerability
2023-02-01 00:00:00
f5
f5
K83284425 : iControl REST and tmsh vulnerability CVE-2023-22326
2023-02-01 00:00:00
K000130496 : Overview of F5 vulnerabilities (February 2023)
2023-02-01 00:00:00
nessus
nessus
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K83284425)
2023-06-23 00:00:00
nvd
nvd
CVE-2023-22326
2023-02-01 18:15:10
prion
prion
Command injection
2023-02-01 18:15:00

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.8%

JSON
Related for CVELIST:CVE-2023-22326
cve1cnvd1f52nessus1nvd1prion1