3 matches found
F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K26910459 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Not...
CVE-2023-42768 BIG-IP iControl REST vulnerability
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note:...
CVE-2023-42768
CVE-2023-42768 affects BIG-IP iControl REST privilege escalation. A non-admin user temporarily granted admin rights via iControl REST PUT can retain access to admin resources after reverting role, enabling control-plane access. According to F5 advisory K26910459, fixes are available: BIG-IP (all ...