Security Advisory Description
A directory traversal vulnerability exists in the BIG-IP Configuration utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. (CVE-2023-41373)
Impact
An authenticated attacker may exploit this vulnerability by sending crafted requests to the BIG-IP Configuration utility. If the exploit is successful, an attacker can execute commands on the BIG-IP system. For BIG-IP systems running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions. Appliance mode is enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances. There is no data plane exposure; this is a control plane issue only.
For more information about Appliance mode, refer to K12815: Overview of Appliance mode.