Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2023-05-03T15:15:12.720

Last Modified

2024-11-21T07:55:00.243

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	big-ip_access_policy_manager	≤ 13.1.5	Yes
Application	f5	big-ip_access_policy_manager	< 14.1.5.4	Yes
Application	f5	big-ip_access_policy_manager	< 15.1.8.2	Yes
Application	f5	big-ip_access_policy_manager	< 16.1.3.4	Yes
Application	f5	big-ip_access_policy_manager	< 17.1.0.1	Yes
Application	f5	big-ip_advanced_firewall_manager	≤ 13.1.5	Yes
Application	f5	big-ip_advanced_firewall_manager	< 14.1.5.4	Yes
Application	f5	big-ip_advanced_firewall_manager	< 15.1.8.2	Yes
Application	f5	big-ip_advanced_firewall_manager	< 16.1.3.4	Yes
Application	f5	big-ip_advanced_firewall_manager	< 17.1.0.1	Yes
Application	f5	big-ip_advanced_web_application_firewall	≤ 13.1.5	Yes
Application	f5	big-ip_advanced_web_application_firewall	< 14.1.5.4	Yes
Application	f5	big-ip_advanced_web_application_firewall	< 15.1.8.2	Yes
Application	f5	big-ip_advanced_web_application_firewall	< 16.1.3.4	Yes
Application	f5	big-ip_advanced_web_application_firewall	< 17.1.0.1	Yes
Application	f5	big-ip_analytics	≤ 13.1.5	Yes
Application	f5	big-ip_analytics	< 14.1.5.4	Yes
Application	f5	big-ip_analytics	< 15.1.8.2	Yes
Application	f5	big-ip_analytics	< 16.1.3.4	Yes
Application	f5	big-ip_analytics	< 17.1.0.1	Yes
Application	f5	big-ip_application_acceleration_manager	≤ 13.1.5	Yes
Application	f5	big-ip_application_acceleration_manager	< 14.1.5.4	Yes
Application	f5	big-ip_application_acceleration_manager	< 15.1.8.2	Yes
Application	f5	big-ip_application_acceleration_manager	< 16.1.3.4	Yes
Application	f5	big-ip_application_acceleration_manager	< 17.1.0.1	Yes
Application	f5	big-ip_application_security_manager	≤ 13.1.5	Yes
Application	f5	big-ip_application_security_manager	< 14.1.5.4	Yes
Application	f5	big-ip_application_security_manager	< 15.1.8.2	Yes
Application	f5	big-ip_application_security_manager	< 16.1.3.4	Yes
Application	f5	big-ip_application_security_manager	< 17.1.0.1	Yes
Application	f5	big-ip_application_visibility_and_reporting	≤ 13.1.5	Yes
Application	f5	big-ip_application_visibility_and_reporting	< 14.1.5.4	Yes
Application	f5	big-ip_application_visibility_and_reporting	< 15.1.8.2	Yes
Application	f5	big-ip_application_visibility_and_reporting	< 16.1.3.4	Yes
Application	f5	big-ip_application_visibility_and_reporting	< 17.1.0.1	Yes
Application	f5	big-ip_carrier-grade_nat	≤ 13.1.5	Yes
Application	f5	big-ip_carrier-grade_nat	< 14.1.5.4	Yes
Application	f5	big-ip_carrier-grade_nat	< 15.1.8.2	Yes
Application	f5	big-ip_carrier-grade_nat	< 16.1.3.4	Yes
Application	f5	big-ip_carrier-grade_nat	< 17.1.0.1	Yes
Application	f5	big-ip_ddos_hybrid_defender	≤ 13.1.5	Yes
Application	f5	big-ip_ddos_hybrid_defender	< 14.1.5.4	Yes
Application	f5	big-ip_ddos_hybrid_defender	< 15.1.8.2	Yes
Application	f5	big-ip_ddos_hybrid_defender	< 16.1.3.4	Yes
Application	f5	big-ip_ddos_hybrid_defender	< 17.1.0.1	Yes
Application	f5	big-ip_domain_name_system	≤ 13.1.5	Yes
Application	f5	big-ip_domain_name_system	< 14.1.5.4	Yes
Application	f5	big-ip_domain_name_system	< 15.1.8.2	Yes
Application	f5	big-ip_domain_name_system	< 16.1.3.4	Yes
Application	f5	big-ip_domain_name_system	< 17.1.0.1	Yes
Application	f5	big-ip_edge_gateway	≤ 13.1.5	Yes
Application	f5	big-ip_edge_gateway	< 14.1.5.4	Yes
Application	f5	big-ip_edge_gateway	< 15.1.8.2	Yes
Application	f5	big-ip_edge_gateway	< 16.1.3.4	Yes
Application	f5	big-ip_edge_gateway	< 17.1.0.1	Yes
Application	f5	big-ip_fraud_protection_service	≤ 13.1.5	Yes
Application	f5	big-ip_fraud_protection_service	< 14.1.5.4	Yes
Application	f5	big-ip_fraud_protection_service	< 15.1.8.2	Yes
Application	f5	big-ip_fraud_protection_service	< 16.1.3.4	Yes
Application	f5	big-ip_fraud_protection_service	< 17.1.0.1	Yes
Application	f5	big-ip_global_traffic_manager	≤ 13.1.5	Yes
Application	f5	big-ip_global_traffic_manager	< 14.1.5.4	Yes
Application	f5	big-ip_global_traffic_manager	< 15.1.8.2	Yes
Application	f5	big-ip_global_traffic_manager	< 16.1.3.4	Yes
Application	f5	big-ip_global_traffic_manager	< 17.1.0.1	Yes
Application	f5	big-ip_link_controller	≤ 13.1.5	Yes
Application	f5	big-ip_link_controller	< 14.1.5.4	Yes
Application	f5	big-ip_link_controller	< 15.1.8.2	Yes
Application	f5	big-ip_link_controller	< 16.1.3.4	Yes
Application	f5	big-ip_link_controller	< 17.1.0.1	Yes
Application	f5	big-ip_local_traffic_manager	≤ 13.1.5	Yes
Application	f5	big-ip_local_traffic_manager	< 14.1.5.4	Yes
Application	f5	big-ip_local_traffic_manager	< 15.1.8.2	Yes
Application	f5	big-ip_local_traffic_manager	< 16.1.3.4	Yes
Application	f5	big-ip_local_traffic_manager	< 17.1.0.1	Yes
Application	f5	big-ip_policy_enforcement_manager	≤ 13.1.5	Yes
Application	f5	big-ip_policy_enforcement_manager	< 14.1.5.4	Yes
Application	f5	big-ip_policy_enforcement_manager	< 15.1.8.2	Yes
Application	f5	big-ip_policy_enforcement_manager	< 16.1.3.4	Yes
Application	f5	big-ip_policy_enforcement_manager	< 17.1.0.1	Yes
Application	f5	big-ip_ssl_orchestrator	≤ 13.1.5	Yes
Application	f5	big-ip_ssl_orchestrator	< 14.1.5.4	Yes
Application	f5	big-ip_ssl_orchestrator	< 15.1.8.2	Yes
Application	f5	big-ip_ssl_orchestrator	< 16.1.3.4	Yes
Application	f5	big-ip_ssl_orchestrator	< 17.1.0.1	Yes
Application	f5	big-ip_webaccelerator	≤ 13.1.5	Yes
Application	f5	big-ip_webaccelerator	< 14.1.5.4	Yes
Application	f5	big-ip_webaccelerator	< 15.1.8.2	Yes
Application	f5	big-ip_webaccelerator	< 16.1.3.4	Yes
Application	f5	big-ip_webaccelerator	< 17.1.0.1	Yes
Application	f5	big-ip_websafe	≤ 13.1.5	Yes
Application	f5	big-ip_websafe	< 14.1.5.4	Yes
Application	f5	big-ip_websafe	< 15.1.8.2	Yes
Application	f5	big-ip_websafe	< 16.1.3.4	Yes
Application	f5	big-ip_websafe	< 17.1.0.1	Yes

References

https://my.f5.com/manage/s/article/K000132768 Vendor Advisory ([email protected])
https://my.f5.com/manage/s/article/K000132768 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)