CVE-2023-29240
published 2023-05-03CVE-2023-29240: An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software…
medium5.4CVSS 3.1
AVNACLPRLUINSUCNILAL
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-iq | — | — |
| f5 | big-iq | >= 8.0.0 < 8.3.0 | 8.3.0 |
| f5 | big-iq_centralized_management | >= 8.0.0 < 8.3.0 | 8.3.0 |
| f5 | icontrol_rest | — | — |