cbcvebase.
CVE-2023-42768
published 2023-10-10

CVE-2023-42768: When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role…

high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected

100 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip>= 13.1.0 < **
f5big-ip>= 14.1.0 < **
f5big-ip>= 15.1.0 < 15.1.915.1.9
f5big-ip>= 16.1.0 < 16.1.416.1.4
f5big-ip_aam
f5big-ip_access_policy_manager13.1.0 – 13.1.5
f5big-ip_access_policy_manager14.1.0 – 14.1.5
f5big-ip_access_policy_manager>= 15.1.0 < 15.1.915.1.9
f5big-ip_access_policy_manager>= 16.1.0 < 16.1.416.1.4
f5big-ip_advanced_firewall_manager13.1.0 – 13.1.5
f5big-ip_advanced_firewall_manager14.1.0 – 14.1.5
f5big-ip_advanced_firewall_manager>= 15.1.0 < 15.1.915.1.9
f5big-ip_advanced_firewall_manager>= 16.1.0 < 16.1.416.1.4
f5big-ip_advanced_waf
f5big-ip_advanced_web_application_firewall13.1.0 – 13.1.5
f5big-ip_advanced_web_application_firewall14.1.0 – 14.1.5
f5big-ip_advanced_web_application_firewall>= 15.1.0 < 15.1.915.1.9
f5big-ip_advanced_web_application_firewall>= 16.1.0 < 16.1.416.1.4
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics13.1.0 – 13.1.5
f5big-ip_analytics14.1.0 – 14.1.5
f5big-ip_analytics>= 15.1.0 < 15.1.915.1.9
f5big-ip_analytics>= 16.1.0 < 16.1.416.1.4
f5big-ip_apm