Lucene search

[email protected]NVD:CVE-2023-46748

HistoryOct 26, 2023 - 9:15 p.m.

CVE-2023-46748

2023-10-2621:15:08

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

big-ip configuration

authenticated

network access

arbitrary commands

technical support

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which

may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5

f5big-ip_access_policy_managerRange15.1.0–15.1.10

f5big-ip_access_policy_managerRange16.1.0–16.1.4

f5big-ip_access_policy_managerRange17.1.0–17.1.1

Node

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.10

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.4

f5big-ip_advanced_firewall_managerRange17.1.0–17.1.1

Node

f5big-ip_carrier-grade_natRange13.1.0–13.1.5

f5big-ip_carrier-grade_natRange14.1.0–14.1.5

f5big-ip_carrier-grade_natRange15.1.0–15.1.10

f5big-ip_carrier-grade_natRange16.1.0–16.1.4

f5big-ip_carrier-grade_natRange17.1.0–17.1.1

Node

f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

f5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.10

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4

f5big-ip_ddos_hybrid_defenderRange17.1.0–17.1.1

Node

f5big-ip_ssl_orchestratorRange13.1.0–13.1.5

f5big-ip_ssl_orchestratorRange14.1.0–14.1.5

f5big-ip_ssl_orchestratorRange15.1.0–15.1.10

f5big-ip_ssl_orchestratorRange16.1.0–16.1.4

f5big-ip_ssl_orchestratorRange17.1.0–17.1.1

Node

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5

f5big-ip_local_traffic_managerRange15.1.0–15.1.10

f5big-ip_local_traffic_managerRange16.1.0–16.1.4

f5big-ip_local_traffic_managerRange17.1.0–17.1.1

Node

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.10

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.4

f5big-ip_policy_enforcement_managerRange17.1.0–17.1.1

Node

f5big-ip_automation_toolchainRange13.1.0–13.1.5

f5big-ip_automation_toolchainRange14.1.0–14.1.5

f5big-ip_automation_toolchainRange15.1.0–15.1.10

f5big-ip_automation_toolchainRange16.1.0–16.1.4

f5big-ip_automation_toolchainRange17.1.0–17.1.1

Node

f5big-ip_container_ingress_servicesRange13.1.0–13.1.5

f5big-ip_container_ingress_servicesRange14.1.0–14.1.5

f5big-ip_container_ingress_servicesRange15.1.0–15.1.10

f5big-ip_container_ingress_servicesRange16.1.0–16.1.4

f5big-ip_container_ingress_servicesRange17.1.0–17.1.1

Node

f5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5

f5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5

f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.10

f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4

f5big-ip_advanced_web_application_firewallRange17.1.0–17.1.1

Node

f5big-ip_domain_name_systemRange13.1.0–13.1.5

f5big-ip_domain_name_systemRange14.1.0–14.1.5

f5big-ip_domain_name_systemRange15.1.0–15.1.10

f5big-ip_domain_name_systemRange16.1.0–16.1.4

f5big-ip_domain_name_systemRange17.1.0–17.1.1

Node

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5

f5big-ip_application_security_managerRange15.1.0–15.1.10

f5big-ip_application_security_managerRange16.1.0–16.1.4

f5big-ip_application_security_managerRange17.1.0–17.1.1

Node

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5

f5big-ip_analyticsRange15.1.0–15.1.10

f5big-ip_analyticsRange16.1.0–16.1.4

f5big-ip_analyticsRange17.1.0–17.1.1

Node

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange14.1.0–14.1.5

f5big-ip_application_acceleration_managerRange15.1.0–15.1.10

f5big-ip_application_acceleration_managerRange16.1.0–16.1.4

f5big-ip_application_acceleration_managerRange17.1.0–17.1.1

Node

f5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5

f5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5

f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.10

f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4

f5big-ip_application_visibility_and_reportingRange17.1.0–17.1.1

Node

f5big-ip_fraud_protection_servicesRange13.1.0–13.1.5

f5big-ip_fraud_protection_servicesRange14.1.0–14.1.5

f5big-ip_fraud_protection_servicesRange15.1.0–15.1.10

f5big-ip_fraud_protection_servicesRange16.1.0–16.1.4

f5big-ip_fraud_protection_servicesRange17.1.0–17.1.1

Node

f5big-ip_global_traffic_managerRange13.1.0–13.1.5

f5big-ip_global_traffic_managerRange14.1.0–14.1.5

f5big-ip_global_traffic_managerRange15.1.0–15.1.10

f5big-ip_global_traffic_managerRange16.1.0–16.1.4

f5big-ip_global_traffic_managerRange17.1.0–17.1.1

Node

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5

f5big-ip_link_controllerRange15.1.0–15.1.10

f5big-ip_link_controllerRange16.1.0–16.1.4

f5big-ip_link_controllerRange17.1.0–17.1.1

Node

f5big-ip_webacceleratorRange13.1.0–13.1.5

f5big-ip_webacceleratorRange14.1.0–14.1.5

f5big-ip_webacceleratorRange15.1.0–15.1.10

f5big-ip_webacceleratorRange16.1.0–16.1.4

f5big-ip_webacceleratorRange17.1.0–17.1.1

Node

f5big-ip_websafeRange13.1.0–13.1.5

f5big-ip_websafeRange14.1.0–14.1.5

f5big-ip_websafeRange15.1.0–15.1.10

f5big-ip_websafeRange16.1.0–16.1.4

f5big-ip_websafeRange17.1.0–17.1.1

References

my.f5.com/manage/s/article/K000137365

www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

Related for NVD:CVE-2023-46748

cve1 prion1 cvelist1 nessus2 attackerkb1 cisa_kev2 thn1 f53