CVE-2023-22374

CVSS V2 None CVSS V3 None
Description
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Overview
  • CVE ID
  • CVE-2023-22374
  • Assigner
  • f5sirt@f5.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-01T18:15:11
  • Last Modified Date
  • 2023-03-15T16:08:58
Weakness Enumerations
CWE URL
CWE-134 http://cwe.mitre.org/data/definitions/134.html
CWE-134 http://cwe.mitre.org/data/definitions/134.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_analytics:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_analytics:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_application_security_manager:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_domain_name_system:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_fraud_protection_service:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_link_controller:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_link_controller:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_local_traffic_manager:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* 1 OR 14.1.4.6 14.1.5
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* 1 OR 15.1.5.1 15.1.8
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* 1 OR 16.1.2.2 16.1.3
cpe:2.3:a:f5:big-ip_ssl_orchestrator:13.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.0.0:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://my.f5.com/manage/s/article/K000130415 Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-22374
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22374
History
Created Old Value New Value Data Type Notes
2023-04-17 07:04:53 Added to TrackCVE
2023-04-17 07:04:55 Weakness Enumeration new