CVE-2023-22326Incorrect Permission Assignment in F5 Big-ip

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.4%
top 36.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
F5 Big-ipF5 Big-iq Centralized ManagementF5 Big-ip Access Policy Manager+11 more
Timeline
PublishedFeb 1

Description

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoT

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages14 packages

CVEListV5f5/big-ip17.0.017.0.0.2+4
NVDf5/big-ip_analytics14.1.014.1.5.3+4
NVDf5/big-ip_link_controller14.1.014.1.5.3+4
NVDf5/big-ip_ssl_orchestrator14.1.014.1.5.3+4
NVDf5/big-ip_domain_name_system14.1.014.1.5.3+3

🔴Vulnerability Details

2
CVEList
iControl REST and tmsh vulnerability2023-02-01
GHSA
GHSA-jfw6-p8xv-wh65: In BIG-IP versions 172023-02-01

📋Vendor Advisories

1
F5
CVE-2023-22326: In BIG-IP versions 172023-02-01