Lucene search

F5F5:K83284425

HistoryFeb 01, 2023 - 12:00 a.m.

K83284425 : iControl REST and tmsh vulnerability CVE-2023-22326

2023-02-0100:00:00

my.f5.com

icontrol rest

tmsh

permission assignment

vulnerability

cve-2023-22326

authenticated attacker

resource administrator

sensitive information

crafted request

control plane

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.8%

JSON

Security Advisory Description

Incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator role privilege to view sensitive information. (CVE-2023-22326)

Impact

An authenticated attacker with resource administrator role privilege may exploit these vulnerabilities by sending a crafted request remotely through iControl REST and locally through a crafted tmsh command. If the exploit is successful, an attacker can view sensitive information. There is no data plane exposure; this is a control plane issue only.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.1.0
f5 ssl orchestratoreq16.1.1
f5 ssl orchestratoreq16.1.3
f5 ssl orchestratoreq17.0.0
big-ip afmeq13.1.0

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.1.0
f5 ssl orchestrator	eq	16.1.1
f5 ssl orchestrator	eq	16.1.3
f5 ssl orchestrator	eq	17.0.0
big-ip afm	eq	13.1.0

Rows per page:

1-10 of 3951