gsd-2023-46748
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-46748", "id": "GSD-2023-46748" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-46748" ], "details": "An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which \n\nmay allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "id": "GSD-2023-46748", "modified": "2023-12-13T01:20:53.242576Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2023-46748", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIG-IP", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown", "versions": [ { "changes": [ { "at": "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG.iso", "status": "unaffected" }, { "at": "Hotfix-BIGIP-17.1.1.0.2.6-ENG.iso", "status": "unaffected" } ], "lessThan": "*", "status": "affected", "version": "17.1.0", "versionType": "semver" }, { "changes": [ { "at": "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso", "status": "unaffected" } ], "lessThan": "*", "status": "affected", "version": "16.1.0", "versionType": "semver" }, { "changes": [ { "at": "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG.iso", "status": "unaffected" } ], "lessThan": "*", "status": "affected", "version": "15.1.0", "versionType": "semver" }, { "changes": [ { "at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso", "status": "unaffected" } ], "lessThan": "*", "status": "affected", "version": "14.1.0", "versionType": "semver" }, { "changes": [ { "at": "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG.iso", "status": "unaffected" } ], "lessThan": "*", "status": "affected", "version": "13.1.0", "versionType": "semver" } ] } } ] } } ] }, "vendor_name": "F5" } ] } }, "credits": [ { "lang": "en", "value": "F5 acknowledges researchers who would like to remain anonymous for bringing this issue to our attention and following the highest standards of coordinated disclosure." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which \n\nmay allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated" } ] }, "generator": { "engine": "F5 SIRTBot v1.0" }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-89", "lang": "eng", "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://my.f5.com/manage/s/article/K000137365", "refsource": "MISC", "url": "https://my.f5.com/manage/s/article/K000137365" }, { "name": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/", "refsource": "MISC", "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/" } ] }, "source": { "discovery": "EXTERNAL" } }, "nvd.nist.gov": { "cve": { "cisaActionDue": "2023-11-21", "cisaExploitAdd": "2023-10-31", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "F5 BIG-IP Configuration Utility SQL Injection Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "783E62F2-F867-48F1-B123-D1227C970674", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB629442-AB06-4552-A7A2-CAF967E47C39", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0510296F-92D7-4388-AE3A-0D9799C2FC4D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7698D6C-B1F7-43C1-BBA6-88E956356B3D", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EA69BC-2AAF-4652-BD2D-95BB754880AF", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D51D9F-2840-4DEA-A007-D20111A1745C", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "C640FA3F-7AB7-4875-B01D-9DB41CEB432B", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "8070B469-8CC4-4D2F-97D7-12D0ABB963C1", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "A326597E-725D-45DE-BEF7-2ED92137B253", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "7479843E-F2D9-4815-95BC-F4223119753C", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "E76E1B82-F1DC-4366-B388-DBDF16C586A0", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "660137F4-15A1-42D1-BBAC-99A1D5BB398B", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "25E7DBE6-D708-4257-BA8B-90A4DB6DE1EA", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "441CC945-7CA3-49C0-AE10-94725301E31D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "820076A8-F163-4471-8B1E-5290BD1D6D93", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "17523F89-DF78-45B7-AEAB-A4886E99E08B", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "89ADA880-7A5B-49DA-AEA4-BC19D7C41916", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D33AA82-3AE5-4165-9B54-8C03381D98AD", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "56800E2E-119D-468B-B407-9CFACD8C00D7", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAA278BA-B020-4BED-91DA-1CD8966512D6", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "E874DD74-E654-44EE-A1A3-57D7CA772FB1", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D87EE02-C9AF-4824-BAB1-5F674C51D78E", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "5630F852-7110-4332-95DF-2D34365BA076", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "425A5D8F-C719-459F-8FF4-FC3EFB4B6BB3", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "3095B6F6-C2FF-44B2-97AA-EEF5F475A608", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "437CA326-41B9-4DBD-93B6-1FF93F5EAFCE", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3C7A168-F370-441E-8790-73014BCEC39F", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF16FD01-7704-40AB-ACB2-80A883804D22", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "732CE215-90B1-444A-BBA4-3FF63D6C63DF", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "98D2CE1E-DED0-470A-AA78-C78EF769C38E", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "375D359B-E05B-4AEC-9B39-46911847A410", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1771493E-ACAA-477F-8AB4-25DB12F6AD6E", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "31C4D96A-6D71-44B5-8B94-AE9DFA93873B", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "20662BB0-4C3D-4CF0-B068-3555C65DD06C", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "D64EDCAD-F658-41A9-8838-41A2913EE8B7", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8F39403-C259-4D6F-9E9A-53671017EEDB", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "220F2D38-FA82-45EF-B957-7678C9FEDBC1", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "33B4FE55-81A7-41F8-ADB8-B0F84C8205C4", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C61E3E7-C594-40D9-936A-19CD26B170E6", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D9CD72-ED25-4447-9DD5-41ED51C891E5", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "00DEABFC-139A-4306-BCFA-6CE700D64327", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "958C34E5-668D-416A-99AF-2C6F042A2215", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "659376E8-FCCA-45E1-BDFB-C50117A66484", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B84C35AD-D355-4DB4-99F1-6EBA2D91F322", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF43CD3A-2C94-4663-B5D5-0327FD3E1F3D", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "29563719-1AF2-4BB8-8CCA-A0869F87795D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "D24815DD-579A-46D1-B9F2-3BB2C56BC54D", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "95C1F4F7-7533-44CE-BE4C-BF71EAFA62EA", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CD1637D-0E42-4928-867A-BA0FDB6E8462", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A599F90-F66B-4DF0-AD7D-D234F328BD59", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "609593AD-6E6D-4B8D-B01B-EF4768E8DF10", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "2044D97E-5637-45BA-A004-A717B5E793FD", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which \n\nmay allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated" }, { "lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL autenticada en la utilidad de configuraci\u00f3n BIG-IP que puede permitir que un atacante autenticado con acceso de red a la utilidad de configuraci\u00f3n a trav\u00e9s del puerto de administraci\u00f3n BIG-IP y/o direcciones IP propias ejecute comandos arbitrarios del sistema. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan" } ], "id": "CVE-2023-46748", "lastModified": "2024-02-01T02:14:46.903", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary" } ] }, "published": "2023-10-26T21:15:08.177", "references": [ { "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ], "url": "https://my.f5.com/manage/s/article/K000137365" }, { "source": "f5sirt@f5.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/" } ], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "f5sirt@f5.com", "type": "Secondary" } ] } } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.