CVE-2023-28406: Path Traversal in F5 BIG-IP Access Policy Manager

CWE-22: Path Traversal
4 documents, 4 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.8% (top 26.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 3
Latest update: Jul 6

Description

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (20 packages)

NVD  f5/big-ip_link_controller  14.1.0  14.1.5.4  +4
NVD  f5/big-ip_access_policy_manager  14.1.0  14.1.5.4  +4
CVEListV5  f5/big-ip  17.0.0*  +4
NVD  f5/big-ip_websafe  14.1.0  14.1.5.4  +4
NVD  f5/big-ip_analytics  14.1.0  14.1.5.4  +4

Vulnerability Details (2)

GHSA: GHSA-cp49-xvqp-h5ww: A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to rea (2023-07-06)
CVEList: BIG-IP Configuration utility vulnerability (2023-05-03)

Vendor Advisories (1)

F5: CVE-2023-28406: A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow... (2023-05-03)