Lucene search

[email protected]NVD:CVE-2023-43746

HistoryOct 10, 2023 - 1:15 p.m.

CVE-2023-43746

2023-10-1013:15:21

CWE-267

[email protected]

web.nvd.nist.gov

authenticated user

administrator role

appliance mode

security boundary

vulnerability

big-ip system

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.5%

JSON

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange13.1.0–14.1.5

f5big-ip_access_policy_managerRange15.1.0–15.1.9

f5big-ip_access_policy_managerRange16.1.0–16.1.4

Node

f5big-ip_advanced_firewall_managerRange13.1.0–14.1.5

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.9

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.4

Node

f5big-ip_application_security_managerRange13.1.0–14.1.5

f5big-ip_application_security_managerRange15.1.0–15.1.9

f5big-ip_application_security_managerRange16.1.0–16.1.4

Node

f5big-ip_domain_name_systemRange13.1.0–14.1.5

f5big-ip_domain_name_systemRange15.1.0–15.1.9

f5big-ip_domain_name_systemRange16.1.0–16.1.4

Node

f5big-ip_local_traffic_managerRange13.1.0–14.1.5

f5big-ip_local_traffic_managerRange15.1.0–15.1.9

f5big-ip_local_traffic_managerRange16.1.0–16.1.4

Node

f5big-ip_advanced_web_application_firewallRange13.1.0–14.1.5

f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.9

f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4

Node

f5big-ip_analyticsRange13.1.0–14.1.5

f5big-ip_analyticsRange15.1.0–15.1.9

f5big-ip_analyticsRange16.1.0–16.1.4

Node

f5big-ip_application_acceleration_managerRange13.1.0–14.1.5

f5big-ip_application_acceleration_managerRange15.1.0–15.1.9

f5big-ip_application_acceleration_managerRange16.1.0–16.1.4

Node

f5big-ip_application_visibility_and_reportingRange13.1.0–14.1.5

f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.9

f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4

Node

f5big-ip_carrier-grade_natRange13.1.0–14.1.5

f5big-ip_carrier-grade_natRange15.1.0–15.1.9

f5big-ip_carrier-grade_natRange16.1.0–16.1.4

Node

f5big-ip_ddos_hybrid_defenderRange13.1.0–14.1.5

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4

Node

f5big-ip_fraud_protection_serviceRange13.1.0–14.1.5

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.9

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.4

Node

f5big-ip_global_traffic_managerRange13.1.0–14.1.5

f5big-ip_global_traffic_managerRange15.1.0–15.1.9

f5big-ip_global_traffic_managerRange16.1.0–16.1.4

Node

f5big-ip_link_controllerRange13.1.0–14.1.5

f5big-ip_link_controllerRange15.1.0–15.1.9

f5big-ip_link_controllerRange16.1.0–16.1.4

Node

f5big-ip_policy_enforcement_managerRange13.1.0–14.1.5

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.9

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.4

Node

f5big-ip_ssl_orchestratorRange13.1.0–14.1.5

f5big-ip_ssl_orchestratorRange15.1.0–15.1.9

f5big-ip_ssl_orchestratorRange16.1.0–16.1.4

Node

f5big-ip_webacceleratorRange13.1.0–14.1.5

f5big-ip_webacceleratorRange15.1.0–15.1.9

f5big-ip_webacceleratorRange16.1.0–16.1.4

Node

f5big-ip_websafeRange13.1.0–14.1.5

f5big-ip_websafeRange15.1.0–15.1.9

f5big-ip_websafeRange16.1.0–16.1.4

References

my.f5.com/manage/s/article/K41072952

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for NVD:CVE-2023-43746

nessus1 cve1 prion1 cnvd1 cvelist1 f51