Lucene search
HistoryMay 03, 2023 - 3:15 p.m.
CVE-2023-28406
cve-2023-28406
directory traversal
big-ip config
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.3
Confidence
High
EPSS
0.001
Percentile
18.9%
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5.4
ORf5big-ip_access_policy_managerRange15.1.0–15.1.8.2
ORf5big-ip_access_policy_managerRange16.1.0–16.1.3.4
ORf5big-ip_access_policy_managerRange17.0.0–17.1.0.1
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.4
ORf5big-ip_advanced_firewall_managerRange15.1.0–15.1.8.2
ORf5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.4
ORf5big-ip_advanced_firewall_managerRange17.0.0–17.1.0.1
ORf5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5
ORf5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5.4
ORf5big-ip_advanced_web_application_firewallRange15.1.0–15.1.8.2
ORf5big-ip_advanced_web_application_firewallRange16.1.0–16.1.3.4
ORf5big-ip_advanced_web_application_firewallRange17.0.0–17.1.0.1
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5.4
ORf5big-ip_analyticsRange15.1.0–15.1.8.2
ORf5big-ip_analyticsRange16.1.0–16.1.3.4
ORf5big-ip_analyticsRange17.0.0–17.1.0.1
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange14.1.0–14.1.5.4
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.8.2
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.3.4
ORf5big-ip_application_acceleration_managerRange17.0.0–17.1.0.1
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5.4
ORf5big-ip_application_security_managerRange15.1.0–15.1.8.2
ORf5big-ip_application_security_managerRange16.1.0–16.1.3.4
ORf5big-ip_application_security_managerRange17.0.0–17.1.0.1
ORf5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5
ORf5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5.4
ORf5big-ip_application_visibility_and_reportingRange15.1.0–15.1.8.2
ORf5big-ip_application_visibility_and_reportingRange16.1.0–16.1.3.4
ORf5big-ip_application_visibility_and_reportingRange17.0.0–17.1.0.1
ORf5big-ip_carrier-grade_natRange13.1.0–13.1.5
ORf5big-ip_carrier-grade_natRange14.1.0–14.1.5.4
ORf5big-ip_carrier-grade_natRange15.1.0–15.1.8.2
ORf5big-ip_carrier-grade_natRange16.1.0–16.1.3.4
ORf5big-ip_carrier-grade_natRange17.0.0–17.1.0.1
ORf5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
ORf5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.4
ORf5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.8.2
ORf5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.4
ORf5big-ip_ddos_hybrid_defenderRange17.0.0–17.1.0.1
ORf5big-ip_domain_name_systemRange13.1.0–13.1.5
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5.4
ORf5big-ip_domain_name_systemRange15.1.0–15.1.8.2
ORf5big-ip_domain_name_systemRange16.1.0–16.1.3.4
ORf5big-ip_domain_name_systemRange17.0.0–17.1.0.1
ORf5big-ip_edge_gatewayRange13.1.0–13.1.5
ORf5big-ip_edge_gatewayRange14.1.0–14.1.5.4
ORf5big-ip_edge_gatewayRange15.1.0–15.1.8.2
ORf5big-ip_edge_gatewayRange16.1.0–16.1.3.4
ORf5big-ip_edge_gatewayRange17.0.0–17.1.0.1
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange14.1.0–14.1.5.4
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.8.2
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.4
ORf5big-ip_fraud_protection_serviceRange17.0.0–17.1.0.1
ORf5big-ip_global_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_global_traffic_managerRange14.1.0–14.1.5.4
ORf5big-ip_global_traffic_managerRange15.1.0–15.1.8.2
ORf5big-ip_global_traffic_managerRange16.1.0–16.1.3.4
ORf5big-ip_global_traffic_managerRange17.0.0–17.1.0.1
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5.4
ORf5big-ip_link_controllerRange15.1.0–15.1.8.2
ORf5big-ip_link_controllerRange16.1.0–16.1.3.4
ORf5big-ip_link_controllerRange17.0.0–17.1.0.1
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5.4
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.8.2
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.3.4
ORf5big-ip_local_traffic_managerRange17.0.0–17.1.0.1
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.4
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.8.2
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.4
ORf5big-ip_policy_enforcement_managerRange17.0.0–17.1.0.1
ORf5big-ip_ssl_orchestratorRange13.1.0–13.1.5
ORf5big-ip_ssl_orchestratorRange14.1.0–14.1.5.4
ORf5big-ip_ssl_orchestratorRange15.1.0–15.1.8.2
ORf5big-ip_ssl_orchestratorRange16.1.0–16.1.3.4
ORf5big-ip_ssl_orchestratorRange17.0.0–17.1.0.1
ORf5big-ip_webacceleratorRange13.1.0–13.1.5
ORf5big-ip_webacceleratorRange14.1.0–14.1.5.4
ORf5big-ip_webacceleratorRange15.1.0–15.1.8.2
ORf5big-ip_webacceleratorRange16.1.0–16.1.3.4
ORf5big-ip_webacceleratorRange17.0.0–17.1.0.1
ORf5big-ip_websafeRange13.1.0–13.1.5
ORf5big-ip_websafeRange14.1.0–14.1.5.4
ORf5big-ip_websafeRange15.1.0–15.1.8.2
ORf5big-ip_websafeRange16.1.0–16.1.3.4
ORf5big-ip_websafeRange17.0.0–17.1.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_advanced_firewall_manager | * | cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_advanced_web_application_firewall | * | cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* |
| f5 | big-ip_analytics | * | cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_acceleration_manager | * | cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_security_manager | * | cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_application_visibility_and_reporting | * | cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:* |
| f5 | big-ip_carrier-grade_nat | * | cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:* |
| f5 | big-ip_ddos_hybrid_defender | * | cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* |
| f5 | big-ip_domain_name_system | * | cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* |
References
Related
nessus
nessus
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000132768)
2023-05-16 00:00:00
cve
cve
CVE-2023-28406
2023-05-03 15:15:12
prion
prion
Directory traversal
2023-05-03 15:15:00
cvelist
cvelist
CVE-2023-28406 BIG-IP Configuration utility vulnerability
2023-05-03 14:34:00
cnvd
cnvd
F5 BIG-IP path traversal vulnerability (CNVD-2023-82309)
2023-05-09 00:00:00
f5
f5
K000132768 : BIG-IP Configuration utility vulnerability CVE-2023-28406
2023-05-03 00:00:00
K000133251 : Overview of F5 vulnerabilities (May 2023)
2023-05-03 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.3
Confidence
High
EPSS
0.001
Percentile
18.9%
Related for NVD:CVE-2023-28406