K000130415: iControl SOAP vulnerability CVE-2023-22374

🗓️ 01 Feb 2023 13:14:11Reported by f5Type

f5🔗 my.f5.com👁 23 Views

iControl SOAP vulnerability CVE-2023-22374 allows authenticated attacker to execute arbitrary code, cross security boundary and cause DoS

Reporter	Title	Published	Views	Family All 18
BDU FSTEC	The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP allows a perpetrator to execute arbitrary code.	1 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-22374	1 Feb 202320:14	–	circl
CNNVD	F5 BIG-IP 格式化字符串错误漏洞	1 Feb 202300:00	–	cnnvd
CNVD	F5 iControl SOAP elevation of privilege vulnerability	1 Feb 202300:00	–	cnvd
CVE	CVE-2023-22374	1 Feb 202317:54	–	cve
Cvelist	CVE-2023-22374 iControl SOAP vulnerability	1 Feb 202317:54	–	cvelist
EUVD	EUVD-2023-26537	3 Oct 202520:07	–	euvd
F5 Networks	K000130496: Overview of F5 vulnerabilities (February 2023)	1 Feb 202313:56	–	f5
Tenable Nessus	F5 Networks BIG-IP : iControl SOAP vulnerability (K000130415)	23 Jun 202300:00	–	nessus
NCSC	Vulnerabilities fixed in F5 BIG-IP	2 Feb 202300:00	–	ncsc

Vulners

Node

f5 big-ip_next_spkRange17.0.0–17.1.0

OR

f5 big-ip_aamRange17.0.0–17.1.0

OR

f5 big-ip_afmRange17.0.0–17.1.0

OR

f5 big-ip_analyticsRange17.0.0–17.1.0

OR

f5 big-ip_apmRange17.0.0–17.1.0

OR

f5 big-ip_asmRange17.0.0–17.1.0

OR

f5 big-ip_ddos_hybrid_defenderRange17.0.0–17.1.0

OR

f5 big-ip_dnsRange17.0.0–17.1.0

OR

f5 big-ip_fpsRange17.0.0–17.1.0

OR

f5 big-ip_link_controllerRange17.0.0–17.1.0

OR

f5 big-ip_ltmRange17.0.0–17.1.0

OR

f5 big-ip_pemRange17.0.0–17.1.0

OR

f5 big-ip_ssl_orchestratorRange17.0.0–17.1.0

OR

f5 big-ip_next_spkRange16.1.2.2–16.1.3

OR

f5 big-ip_aamRange16.1.2.2–16.1.3

OR

f5 big-ip_afmRange16.1.2.2–16.1.3

OR

f5 big-ip_analyticsRange16.1.2.2–16.1.3

OR

f5 big-ip_apmRange16.1.2.2–16.1.3

OR

f5 big-ip_asmRange16.1.2.2–16.1.3

OR

f5 big-ip_ddos_hybrid_defenderRange16.1.2.2–16.1.3

OR

f5 big-ip_dnsRange16.1.2.2–16.1.3

OR

f5 big-ip_fpsRange16.1.2.2–16.1.3

OR

f5 big-ip_link_controllerRange16.1.2.2–16.1.3

OR

f5 big-ip_ltmRange16.1.2.2–16.1.3

OR

f5 big-ip_pemRange16.1.2.2–16.1.3

OR

f5 big-ip_ssl_orchestratorRange16.1.2.2–16.1.3

OR

f5 big-ip_next_spkRange15.1.5.1–15.1.8

OR

f5 big-ip_aamRange15.1.5.1–15.1.8

OR

f5 big-ip_afmRange15.1.5.1–15.1.8

OR

f5 big-ip_analyticsRange15.1.5.1–15.1.8

OR

f5 big-ip_apmRange15.1.5.1–15.1.8

OR

f5 big-ip_asmRange15.1.5.1–15.1.8

OR

f5 big-ip_ddos_hybrid_defenderRange15.1.5.1–15.1.8

OR

f5 big-ip_dnsRange15.1.5.1–15.1.8

OR

f5 big-ip_fpsRange15.1.5.1–15.1.8

OR

f5 big-ip_link_controllerRange15.1.5.1–15.1.8

OR

f5 big-ip_ltmRange15.1.5.1–15.1.8

OR

f5 big-ip_pemRange15.1.5.1–15.1.8

OR

f5 big-ip_ssl_orchestratorRange15.1.5.1–15.1.8

OR

f5 big-ip_next_spkRange14.1.4.6–14.1.5

OR

f5 big-ip_aamRange14.1.4.6–14.1.5

OR

f5 big-ip_afmRange14.1.4.6–14.1.5

OR

f5 big-ip_analyticsRange14.1.4.6–14.1.5

OR

f5 big-ip_apmRange14.1.4.6–14.1.5

OR

f5 big-ip_asmRange14.1.4.6–14.1.5

OR

f5 big-ip_ddos_hybrid_defenderRange14.1.4.6–14.1.5

OR

f5 big-ip_dnsRange14.1.4.6–14.1.5

OR

f5 big-ip_fpsRange14.1.4.6–14.1.5

OR

f5 big-ip_link_controllerRange14.1.4.6–14.1.5

OR

f5 big-ip_ltmRange14.1.4.6–14.1.5

OR

f5 big-ip_pemRange14.1.4.6–14.1.5

OR

f5 big-ip_ssl_orchestratorRange14.1.4.6–14.1.5

OR

f5 big-ip_next_spkMatch13.1.5

OR

f5 big-ip_aamMatch13.1.5

OR

f5 big-ip_afmMatch13.1.5

OR

f5 big-ip_analyticsMatch13.1.5

OR

f5 big-ip_apmMatch13.1.5

OR

f5 big-ip_asmMatch13.1.5

OR

f5 big-ip_ddos_hybrid_defenderMatch13.1.5

OR

f5 big-ip_dnsMatch13.1.5

OR

f5 big-ip_fpsMatch13.1.5

OR

f5 big-ip_link_controllerMatch13.1.5

OR

f5 big-ip_ltmMatch13.1.5

OR

f5 big-ip_pemMatch13.1.5

OR

f5 big-ip_ssl_orchestratorMatch13.1.5

05 Apr 2023 05:12Current

9.2High risk

Vulners AI Score9.2

CVSS 3.18.5

EPSS0.72646

SSVC

icontrol soap authenticated attacker security boundary dos cve-2023-22374 arbitrary code appliance mode