Lucene search

F5F5:K000135689

HistoryOct 10, 2023 - 12:00 a.m.

K000135689 : BIG-IP Configuration utility vulnerability CVE-2023-41373

2023-10-1000:00:00

my.f5.com

big-ip

configuration utility

vulnerability

cve-2023-41373

authenticated attacker

execute commands

bypass

appliance mode

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.8%

JSON

Security Advisory Description

A directory traversal vulnerability exists in the BIG-IP Configuration utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. (CVE-2023-41373)

Impact

An authenticated attacker may exploit this vulnerability by sending crafted requests to the BIG-IP Configuration utility. If the exploit is successful, an attacker can execute commands on the BIG-IP system. For BIG-IP systems running Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions. Appliance mode is enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances. There is no data plane exposure; this is a control plane issue only.

For more information about Appliance mode, refer to K12815: Overview of Appliance mode.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.1.0
f5 ssl orchestratoreq16.1.1
f5 ssl orchestratoreq16.1.3
f5 ssl orchestratoreq17.1.0
big-ip next cgnat cnfeq1.1.0

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.1.0
f5 ssl orchestrator	eq	16.1.1
f5 ssl orchestrator	eq	16.1.3
f5 ssl orchestrator	eq	17.1.0
big-ip next cgnat cnf	eq	1.1.0

Rows per page:

1-10 of 4761