Security Advisory Description
On August 2, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine their impact on your F5 devices. You can find the details of each issue in the associated articles.
Important: Customers who upgrade to 17.1.0.2, 16.1.3.5, or 14.1.5.5 and who are using BIG-IP APM Edge Client 7.2.4.2 or later to support macOS 13.3 clients must also download and install an engineering hotfix on top of their target BIG-IP branch. For more information, refer to K000134990: Upgrading to BIG-IP 17.1.0.2, 16.1.3.5, or 14.1.5.5 breaks macOS 13.3 Endpoint Inspection for VPN again.
High CVEs
Article (CVE) | CVSS score | Affected products | Affected versions¹ | Fixes introduced in |
---|---|---|---|---|
K000134746: BIG-IP Edge Client for macOS vulnerability CVE-2023-38418 | 7.8 | BIG-IP APM | 17.0.0 - 17.1.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.9, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5 | 17.1.1, 16.1.4 |
 | | APM Clients | 7.2.3 - 7.2.4 | 7.2.4.3 |
K000133474: BIG-IP Configuration utility vulnerability CVE-2023-38138 | 7.5 | BIG-IP (all modules) | 17.0.0 - 17.1.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.9, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5 | 17.1.0.2, 16.1.3.5, 15.1.9.1, 14.1.5.5 |
K000132563: BIG-IP Edge Client for Windows and macOS vulnerability CVE-2023-36858 | 7.1 | BIG-IP APM | 17.0.0 - 17.1.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.9, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5 | 16.1.4 |
 | | APM Clients | 7.2.3 - 7.2.4 | 7.2.4.3 |

¹F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.
Medium CVEs
Article (CVE) | CVSS score | Affected products | Affected versions¹ | Fixes introduced in |
---|---|---|---|---|
K000135449: BIG-IP FIPS HSM password vulnerability CVE-2023-3470 | 6.0 | BIG-IP (all modules) | 15.1.0, 14.1.0 - 14.1.3, 13.1.0 - 13.1.3 | 16.0.0, 15.1.1, 14.1.4, 13.1.4 |
K000134535: BIG-IP Configuration utility vulnerability CVE-2023-38423 | 5.4 | BIG-IP (all modules) | 17.0.0 - 17.1.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.9, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5 | 17.1.0.2, 16.1.3.5, 15.1.9.1, 14.1.5.5 |
K000134922: F5OS-A vulnerability CVE-2023-36494 | 4.4 | F5OS-A | 1.4.0 | 1.5.0 |
K000133472: BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2023-38419 | 4.3 | BIG-IP (all modules) | 17.0.0 - 17.1.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.9, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5 | 17.1.0.2, 16.1.3.5, 15.1.9.1, 14.1.5.5 |
 | | BIG-IQ Centralized Management | 8.2.0 - 8.3.0 | None |

¹F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.
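As an added example (not F5's own tooling), the following Python encodes two rows from the tables above and checks a BIG-IP version against them. The check has to honour F5's version semantics: an affected range such as 17.0.0 - 17.1.0 covers every point release under 17.1.0, so 17.1.0.1 is affected, while the fix 17.1.0.2 sits inside that same range and clears it from that point release onward. The ADVISORY dictionary, the function names and the sample versions are constructed for this example.

```python
"""Branch-aware exposure check against the advisory's affected/fixed versions."""
from __future__ import annotations

# Constructed subset of the tables above: CVE -> (affected ranges, fix versions).
ADVISORY = {
    "CVE-2023-38138": (
        ["17.0.0 - 17.1.0", "16.1.0 - 16.1.3", "15.1.0 - 15.1.9",
         "14.1.0 - 14.1.5", "13.1.0 - 13.1.5"],
        ["17.1.0.2", "16.1.3.5", "15.1.9.1", "14.1.5.5"],
    ),
    "CVE-2023-3470": (
        ["15.1.0", "14.1.0 - 14.1.3", "13.1.0 - 13.1.3"],
        ["16.0.0", "15.1.1", "14.1.4", "13.1.4"],
    ),
}


def parse(version: str) -> tuple[int, ...]:
    """Turn '17.1.0.2' into (17, 1, 0, 2) so tuples compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def in_range(version: tuple[int, ...], rng: str) -> bool:
    """True if version lies in an F5 range; the upper bound is prefix-inclusive."""
    lo, _, hi = rng.partition(" - ")
    low, high = parse(lo), parse(hi or lo)  # a lone version is its own bound
    # 17.1.0.1 must count as "<= 17.1.0": compare only as many fields as the bound has.
    return low <= version and version[: len(high)] <= high


def fixed(version: tuple[int, ...], fixes: list[str]) -> bool:
    """True if a fix exists on the same major.minor branch and version >= that fix."""
    return any(version[:2] == fix[:2] and version >= fix for fix in map(parse, fixes))


def exposed(version: str, cve: str) -> bool:
    """Affected range hit and no fix on that branch reached.

    A version outside every range returns False; that also covers EoTS branches
    F5 did not evaluate (see footnote 1), so read 'not listed' as 'not evaluated'.
    """
    ver = parse(version)
    ranges, fixes = ADVISORY[cve]
    return any(in_range(ver, rng) for rng in ranges) and not fixed(ver, fixes)


if __name__ == "__main__":
    for sample in ("17.1.0.1", "17.1.0.2", "16.1.3.5", "15.1.0.5"):
        print(sample, {cve: exposed(sample, cve) for cve in ADVISORY})
```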