Lucene search

F5CVELIST:CVE-2023-28742

HistoryMay 03, 2023 - 2:34 p.m.

CVE-2023-28742 BIG-IP iQuery mesh vulnerability

2023-05-0314:34:38

CWE-78

www.cve.org

cve-2023-28742

big-ip

iquery

remote command execution

dns

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "DNS"
    ],
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "17.1.0.1",
        "status": "affected",
        "version": "17.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "17.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.1.3.4",
        "status": "affected",
        "version": "16.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "15.1.8.2",
        "status": "affected",
        "version": "15.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "14.1.5.4",
        "status": "affected",
        "version": "14.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "semver"
      }
    ]
  }
]

References

my.f5.com/manage/s/article/K000132972

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVELIST:CVE-2023-28742