Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2023-02-01T18:15:11.363

Last Modified

2024-11-21T07:44:39.350

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-134
  • Type: Primary
    CWE-134
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_access_policy_manager ≤ 14.1.5 Yes
Application f5 big-ip_access_policy_manager ≤ 15.1.8 Yes
Application f5 big-ip_access_policy_manager ≤ 16.1.3 Yes
Application f5 big-ip_access_policy_manager 13.1.5 Yes
Application f5 big-ip_access_policy_manager 17.0.0 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 14.1.5 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 15.1.8 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 16.1.3 Yes
Application f5 big-ip_advanced_firewall_manager 13.1.5 Yes
Application f5 big-ip_advanced_firewall_manager 17.0.0 Yes
Application f5 big-ip_analytics ≤ 14.1.5 Yes
Application f5 big-ip_analytics ≤ 15.1.8 Yes
Application f5 big-ip_analytics ≤ 16.1.3 Yes
Application f5 big-ip_analytics 13.1.5 Yes
Application f5 big-ip_analytics 17.0.0 Yes
Application f5 big-ip_application_acceleration_manager ≤ 15.1.8 Yes
Application f5 big-ip_application_acceleration_manager ≤ 16.1.3 Yes
Application f5 big-ip_application_acceleration_manager 13.1.5 Yes
Application f5 big-ip_application_acceleration_manager 17.0.0 Yes
Application f5 big-ip_application_security_manager ≤ 14.1.5 Yes
Application f5 big-ip_application_security_manager ≤ 15.1.8 Yes
Application f5 big-ip_application_security_manager ≤ 16.1.3 Yes
Application f5 big-ip_application_security_manager 13.1.0 Yes
Application f5 big-ip_application_security_manager 17.0.0 Yes
Application f5 big-ip_ddos_hybrid_defender ≤ 14.1.5 Yes
Application f5 big-ip_ddos_hybrid_defender ≤ 15.1.8 Yes
Application f5 big-ip_ddos_hybrid_defender ≤ 16.1.3 Yes
Application f5 big-ip_ddos_hybrid_defender 13.1.5 Yes
Application f5 big-ip_domain_name_system ≤ 14.1.5 Yes
Application f5 big-ip_domain_name_system ≤ 15.1.8 Yes
Application f5 big-ip_domain_name_system ≤ 16.1.3 Yes
Application f5 big-ip_domain_name_system 17.0.0 Yes
Application f5 big-ip_fraud_protection_service ≤ 15.1.8 Yes
Application f5 big-ip_fraud_protection_service ≤ 16.1.3 Yes
Application f5 big-ip_fraud_protection_service 13.1.5 Yes
Application f5 big-ip_fraud_protection_service 17.0.0 Yes
Application f5 big-ip_link_controller ≤ 14.1.5 Yes
Application f5 big-ip_link_controller ≤ 15.1.8 Yes
Application f5 big-ip_link_controller ≤ 16.1.3 Yes
Application f5 big-ip_link_controller 13.1.5 Yes
Application f5 big-ip_link_controller 17.0.0 Yes
Application f5 big-ip_local_traffic_manager ≤ 14.1.5 Yes
Application f5 big-ip_local_traffic_manager ≤ 15.1.8 Yes
Application f5 big-ip_local_traffic_manager ≤ 16.1.3 Yes
Application f5 big-ip_local_traffic_manager 13.1.5 Yes
Application f5 big-ip_local_traffic_manager 17.0.0 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 14.1.5 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 15.1.8 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 16.1.3 Yes
Application f5 big-ip_policy_enforcement_manager 13.1.5 Yes
Application f5 big-ip_policy_enforcement_manager 17.0.0 Yes
Application f5 big-ip_ssl_orchestrator ≤ 14.1.5 Yes
Application f5 big-ip_ssl_orchestrator ≤ 15.1.8 Yes
Application f5 big-ip_ssl_orchestrator ≤ 16.1.3 Yes
Application f5 big-ip_ssl_orchestrator 13.1.5 Yes
Application f5 big-ip_ssl_orchestrator 17.0.0 Yes
References