Lucene search
F5F5:K26910459HistoryOct 10, 2023 - 12:00 a.m.
K26910459 : BIG-IP iControl REST vulnerability CVE-2023-42768
2023-10-1000:00:00
my.f5.com
13
big-ip
icontrol
non-admin user
access control
vulnerability
Security Advisory Description
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user’s role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still access the iControl REST admin resource. (CVE-2023-42768)
Impact
A non-admin user can access resources for which the account does not have permission. There is no data plane exposure; this is a control plane issue.
Related
prion
prion
Cross site request forgery (csrf)
2023-10-10 13:15:00
vulnrichment
vulnrichment
CVE-2023-42768 BIG-IP iControl REST vulnerability
2023-10-10 12:34:06
nessus
nessus
F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)
2023-10-13 00:00:00
cnvd
cnvd
F5 BIG-IP iControl Security Bypass Vulnerability
2023-10-11 00:00:00
cvelist
cvelist
CVE-2023-42768 BIG-IP iControl REST vulnerability
2023-10-10 12:34:06
nvd
nvd
CVE-2023-42768
2023-10-10 13:15:21
cve
cve
CVE-2023-42768
2023-10-10 13:15:21
f5
f5
K000137053 : Overview of F5 vulnerabilities (October 2023)
2023-10-10 00:00:00