Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-7032Cross-Site Request Forgery in F5 Big-ip

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 57.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
F5 Big-ip
Timeline
PublishedAug 24
Latest updateMay 14

Description

Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDf5/big-ip9.4.3

🔴Vulnerability Details

2
GHSA
GHSA-m7m4-2p38-j9fh: Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 92022-05-14
CVEList
CVE-2008-7032: Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 92009-08-24

💥Exploits & PoCs

1
Exploit-DB
F5 BIG-IP 9.4.3 - Web Management Interface Cross-Site Request Forgery2008-02-11
CVE-2008-7032 — Cross-Site Request Forgery in F5 Big-ip | cvebase