Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-22374 (GCVE-0-2023-22374)
Vulnerability from cvelistv5 – Published: 2023-02-01 17:54 – Updated: 2025-03-26 17:51- CWE-134 - Use of Externally-Controlled Format String
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000130415"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T17:50:54.452809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T17:51:00.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "17.1.0",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "16.1.3.4",
"status": "affected",
"version": "16.1.2.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "15.1.8.2",
"status": "affected",
"version": "15.1.5.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "14.1.5.4",
"status": "affected",
"version": "14.1.4.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "13.1.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F5 acknowledges Ron Bowes of Rapid7 for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2023-02-01T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\u003c/span\u003e\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e\n\n"
}
],
"value": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Appliance Mode"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T02:11:45.387Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000130415"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "iControl SOAP vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2023-22374",
"datePublished": "2023-02-01T17:54:46.798Z",
"dateReserved": "2023-01-13T06:43:37.145Z",
"dateUpdated": "2025-03-26T17:51:00.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22374
Vulnerability from fstec - Published: 01.02.2023{
"CVSS 2.0": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "F5 Networks, Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Access Policy Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Advanced Firewall Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Analytics), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Acceleration Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Security Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Domain Name System), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Fraud Protection Service), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Link Controller), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Local Traffic Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Policy Enforcement Manager), 17.0.0 (BIG-IP Access Policy Manager), 17.0.0 (BIG-IP Advanced Firewall Manager), 17.0.0 (BIG-IP Analytics), 17.0.0 (BIG-IP Application Acceleration Manager), 17.0.0 (BIG-IP Fraud Protection Service), 17.0.0 (BIG-IP Link Controller), 17.0.0 (BIG-IP Local Traffic Manager), 17.0.0 (BIG-IP Policy Enforcement Manager), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP DDos Hybrid Defender), \u043e\u0442 13.1.0 \u0434\u043e 13.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP SSL Orchestrator), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Access Policy Manager), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Access Policy Manager), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Access Policy Manager), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Advanced Firewall Manager), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Advanced Firewall Manager), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Advanced Firewall Manager), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Analytics), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Analytics), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Analytics), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Application Acceleration Manager), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Application Acceleration Manager), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Application Acceleration Manager), 17.0.0 (BIG-IP Application Security Manager), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Application Security Manager), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Application Security Manager), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Application Security Manager), 17.0.0 (BIG-IP DDos Hybrid Defender), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP DDos Hybrid Defender), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP DDos Hybrid Defender), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP DDos Hybrid Defender), 17.0.0 (BIG-IP Domain Name System), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Domain Name System), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Domain Name System), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Domain Name System), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Fraud Protection Service), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Fraud Protection Service), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Fraud Protection Service), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Link Controller), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Link Controller), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Link Controller), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Local Traffic Manager), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Local Traffic Manager), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Local Traffic Manager), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP Policy Enforcement Manager), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP Policy Enforcement Manager), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP Policy Enforcement Manager), 17.0.0 (BIG-IP SSL Orchestrator), \u043e\u0442 14.1.4.6 \u0434\u043e 14.1.5.4 (BIG-IP SSL Orchestrator), \u043e\u0442 15.1.5.1 \u0434\u043e 15.1.8.2 (BIG-IP SSL Orchestrator), \u043e\u0442 16.1.2.2 \u0434\u043e 16.1.3.4 (BIG-IP SSL Orchestrator)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 iControl SOAP;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://my.f5.com/manage/s/article/K000130415",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.02.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.12.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08341",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-22374",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP DDos Hybrid Defender, BIG-IP SSL Orchestrator",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 iControl SOAP \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 BIG-IP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u0430\u044f \u0444\u043e\u0440\u043c\u0430\u0442\u043d\u0430\u044f \u0441\u0442\u0440\u043e\u043a\u0430 (CWE-134)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 iControl SOAP \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 BIG-IP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0444\u043e\u0440\u043c\u0430\u0442\u043d\u044b\u0445 \u0441\u0442\u0440\u043e\u043a. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://my.f5.com/manage/s/article/K000130415",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-134",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,5)"
}
GSD-2023-22374
Vulnerability from gsd - Updated: 2023-12-13 01:20{
"GSD": {
"alias": "CVE-2023-22374",
"id": "GSD-2023-22374"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-22374"
],
"details": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n",
"id": "GSD-2023-22374",
"modified": "2023-12-13T01:20:42.818222Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2023-22374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown",
"versions": [
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "17.1.0",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "16.1.3.4",
"status": "affected",
"version": "16.1.2.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "15.1.8.2",
"status": "affected",
"version": "15.1.5.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "14.1.5.4",
"status": "affected",
"version": "14.1.4.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "13.1.5",
"versionType": "semver"
}
]
}
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "F5 acknowledges Ron Bowes of Rapid7 for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-134",
"lang": "eng",
"value": "CWE-134 Use of Externally-Controlled Format String"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://my.f5.com/manage/s/article/K000130415",
"refsource": "MISC",
"url": "https://my.f5.com/manage/s/article/K000130415"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2023-22374"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://my.f5.com/manage/s/article/K000130415",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000130415"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
},
"lastModifiedDate": "2023-10-04T16:55Z",
"publishedDate": "2023-02-01T18:15Z"
}
}
}
CERTFR-2023-AVI-0088
Vulnerability from certfr_avis - Published: 2023-02-02 - Updated: 2023-02-02
De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- F5 BIG-IP (tous modules) versions 17.0.0.x antérieures à 17.0.0.2
- F5 BIG-IP (tous modules) versions 16.1.x antérieures à 16.1.3.3
- F5 BIG-IP (tous modules) versions 15.1.x antérieures à 15.1.8.1
- F5 BIG-IP (tous modules) versions 14.1.x antérieures à 14.1.5.3
- BIG-IP APM Clients versions 7.2.x antérieures à 7.2.31
- BIG-IP SPK version 1.6.0
F5 indique ne pas avoir publié de correctif de sécurité pour la vulnérabilité CVE-2023-22374. Toutefois des mesures de contournement ainsi qu'un correctif temporaire sont disponibles. Cette vulnérabilité permet à un attaquant authentifié d'effectuer un déni de service et possiblement d'exécuter du code arbitraire à distance.
Des détails concernant cette vulnérabilité ont été publiés en source ouverte. Le CERT-FR anticipe donc que des preuves de concept seront rapidement disponibles publiquement, au moins en ce qui concerne le déni de service.
| Vendor | Product | Description |
|---|
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions 17.0.0.x ant\u00e9rieures \u00e0 17.0.0.2\u003c/li\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions 16.1.x ant\u00e9rieures \u00e0\u00a016.1.3.3\u003c/li\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.8.1\u003c/li\u003e \u003cli\u003eF5 BIG-IP (tous modules) versions 14.1.x ant\u00e9rieures \u00e0\u00a014.1.5.3\u003c/li\u003e \u003cli\u003eBIG-IP APM Clients\u00a0versions 7.2.x ant\u00e9rieures \u00e0\u00a07.2.31\u003c/li\u003e \u003cli\u003eBIG-IP SPK version 1.6.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eF5 indique ne pas avoir publi\u00e9 de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2023-22374. Toutefois des mesures de contournement ainsi qu\u0027un correctif temporaire sont disponibles. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant authentifi\u00e9 d\u0027effectuer un d\u00e9ni de service et possiblement d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\u003c/p\u003e \u003cp\u003eDes d\u00e9tails concernant cette vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 publi\u00e9s en source ouverte. Le CERT-FR anticipe donc que des preuves de concept seront rapidement disponibles publiquement, au moins en ce qui concerne le d\u00e9ni de service.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22418",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22418"
},
{
"name": "CVE-2023-22657",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22657"
},
{
"name": "CVE-2023-22664",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22664"
},
{
"name": "CVE-2023-22340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22340"
},
{
"name": "CVE-2023-22358",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22358"
},
{
"name": "CVE-2023-22341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22341"
},
{
"name": "CVE-2023-22422",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22422"
},
{
"name": "CVE-2023-22281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22281"
},
{
"name": "CVE-2023-22302",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22302"
},
{
"name": "CVE-2023-23555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23555"
},
{
"name": "CVE-2023-22326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22326"
},
{
"name": "CVE-2023-23552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23552"
},
{
"name": "CVE-2023-22323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22323"
},
{
"name": "CVE-2023-22842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22842"
},
{
"name": "CVE-2023-22839",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22839"
},
{
"name": "CVE-2023-22374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22374"
},
{
"name": "CVE-2023-22283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22283"
}
],
"initial_release_date": "2023-02-02T00:00:00",
"last_revision_date": "2023-02-02T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0088",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000130496 du 01 f\u00e9vrier 2023",
"url": "https://my.f5.com/manage/s/article/K000130496"
}
]
}
CNVD-2023-05965
Vulnerability from cnvd - Published: 2023-02-02厂商已发布了漏洞修复程序,请及时关注更新: https://my.f5.com/manage/s/article/K000130415
| Name | ['F5 BIG-IP (all modules) 17.0.0', 'F5 BIG-IP (all modules) 13.1.5', 'F5 BIG-IP (all modules) >=14.1.4.6,<=14.1.5', 'F5 BIG-IP (all modules) >=15.1.5.1,<=15.1.8', 'F5 BIG-IP (all modules) >=16.1.2.2,<=16.1.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-22374",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-22374"
}
},
"description": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\n\nF5 iControl SOAP\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7fiControl SOAP CGI\u8fdb\u7a0b\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://my.f5.com/manage/s/article/K000130415",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-05965",
"openTime": "2023-02-02",
"patchDescription": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nF5 iControl SOAP\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7fiControl SOAP CGI\u8fdb\u7a0b\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "F5 iControl SOAP\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"F5 BIG-IP (all modules) 17.0.0",
"F5 BIG-IP (all modules) 13.1.5",
"F5 BIG-IP (all modules) \u003e=14.1.4.6\uff0c\u003c=14.1.5",
"F5 BIG-IP (all modules) \u003e=15.1.5.1\uff0c\u003c=15.1.8",
"F5 BIG-IP (all modules) \u003e=16.1.2.2\uff0c\u003c=16.1.3"
]
},
"referenceLink": "https://my.f5.com/manage/s/article/K000130415",
"serverity": "\u9ad8",
"submitTime": "2023-02-01",
"title": "F5 iControl SOAP\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
GHSA-J683-V94G-H65C
Vulnerability from github – Published: 2023-02-01 18:30 – Updated: 2023-02-09 15:30In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2023-22374"
],
"database_specific": {
"cwe_ids": [
"CWE-134"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-01T18:15:00Z",
"severity": "CRITICAL"
},
"details": "In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-j683-v94g-h65c",
"modified": "2023-02-09T15:30:26Z",
"published": "2023-02-01T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22374"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000130415"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2023-22374
Vulnerability from fkie_nvd - Published: 2023-02-01 18:15 - Updated: 2026-06-17 05:358.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | https://my.f5.com/manage/s/article/K000130415 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://my.f5.com/manage/s/article/K000130415 | Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "17.1.0",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "16.1.3.4",
"status": "affected",
"version": "16.1.2.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "15.1.8.2",
"status": "affected",
"version": "15.1.5.1",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "14.1.5.4",
"status": "affected",
"version": "14.1.4.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "Engineering Hotfix Available",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "13.1.5",
"versionType": "semver"
}
]
}
],
"source": "f5sirt@f5.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFCEE4A-EFF7-4622-964D-29706B0D0788",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65BD1840-28C2-42B7-BE75-081DE24081A3",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D511799-6CEE-4337-BF66-38D7AF4D68C5",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E688B1-28C4-4F9A-9474-381FD22E792D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32BBAAC4-BCC4-4A84-A579-4356EF78AA22",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA72ED00-F966-4762-9025-3DB63A1640A3",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0279F4AF-C297-47B3-A1DD-C99DF6AAD215",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "200AC72D-719D-4663-BE05-C9C7826DEA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8332960-4AAE-4101-8FFF-2D07B6479BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B721D9E-AD2F-44C9-9163-3785AA1A8441",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2685F058-2BEF-4189-BFBC-2F223C776A63",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79DD896D-ABC7-485B-8810-39BB65DAF76C",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "129F1B0B-44E4-4F67-B0B6-43CD2734F30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0A9081-15D2-44F7-B66E-5C594F7C8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC06C851-23E7-4793-9BB0-A1172B78B15F",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAE414B-CD2C-4FE1-9124-6F43040DDFB1",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF66FD8-CDA5-4E44-8A0D-9FF07E8C1E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEBE106-40F1-439C-8154-187D89988C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFB9B30-9A07-4D28-B3EA-267D257B7E89",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "764E6777-2C42-46FE-A266-ABBEB05D0F1A",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D90494BC-DEBB-47A2-9794-BAC0BF670A92",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5FDBD38-369B-4007-8D9A-B65B83B2AABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AB53DF-7335-462E-B8CD-44DF0DCE3826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C278A7AA-1CA3-432D-9C22-772A288CC178",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "785DD62D-CA21-40EC-8AF0-8CC36CCB8304",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA133203-B4FE-415D-B9C8-7CDE1A7895D9",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8C73DC4-D85A-49A1-81BD-E9D145E42FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "019D49C1-4A4D-40EE-8242-A649BE03E38B",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E943A8AF-F993-4C1C-ADF1-06519694E4C5",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A12A83-966B-4B6D-AE49-C1696819E548",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4E36FE-C4C7-4C00-A65A-41F50FCE017D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46626AD-CF6B-4A1C-8103-0A616C053E5D",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4842CD17-44B8-456D-9AC7-A295B4D4DBEA",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F933F2D2-1C1D-43F0-9BD2-4699716E4A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0954BD-CC9C-448F-A9C1-3FB71AB27D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC74428-66DF-4A88-A6F5-064160B4C72C",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0FC7E-30C1-49D7-9B89-4CB747B28CBD",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1647DB93-A49C-4A04-B181-3465427D4B17",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26873D65-5406-45AF-A7F4-14AF2C55D368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B147BB-1B2E-4F40-9FA7-1165B8F0B60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8155903D-1A5F-482E-B356-526E9A973BBC",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3938C6C-6855-4873-89EA-4C8B8EFD571C",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52120D-FBF7-4687-87A8-BC4AE07DC734",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4E37750C-50F3-480A-AA40-23D59F50E4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB842B-33B1-4AD4-AC61-47192A87A785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04FFF651-F115-4591-BA61-E099DE307168",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC136CEA-2431-4D53-B898-E245826A9995",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD177FA-262E-4874-9850-4E8525181ACE",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F754F6FC-2A29-453F-9E9B-39C779830562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "509A4307-3EC4-4AE7-AF72-3C2B3CF9E754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "854D89CF-0E69-4BA9-A881-02673E3D91F3",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D03D7294-C5CD-4EC1-8200-A998AED7F8E5",
"versionEndIncluding": "15.1.8",
"versionStartIncluding": "15.1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DACFE8-5E0B-49EC-894E-175591E9C775",
"versionEndIncluding": "16.1.3",
"versionStartIncluding": "16.1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:13.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4686BF-A9FA-4770-BD06-74BA4CA49FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88B13312-1958-4B5C-BD4B-2075F6BF8C98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cadena de formato en iControl SOAP que permite a un atacante autenticado bloquear el proceso CGI de iControl SOAP o, potencialmente, ejecutar c\u00f3digo arbitrario. En el modo de dispositivo BIG-IP, una explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
}
],
"id": "CVE-2023-22374",
"lastModified": "2026-06-17T05:35:15.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2023-22374",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T17:50:54.452809Z",
"version": "2.0.3"
}
}
]
},
"published": "2023-02-01T18:15:11.363",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000130415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000130415"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.