CVE-2023-43125

CWE-319 — Cleartext Transmission4 documents4 sources

Severity

8.2HIGH

EPSS

0.1%

top 64.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Edge Client F5 F5 Access F5 Big-ip Access Policy Manager +1 more

Timeline

PublishedSep 27

Description

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages4 packages

▶CVEListV5f5/f5_access3.0 — *

▶CVEListV5f5/big-ip_edge_client7.2.3 — *

▶NVDf5/big-ip_access_policy_manager14.1.5.2 — 14.1.5.6+4

▶NVDf5/big-ip_access_policy_manager_client7.2.3 — 7.2.4

🔴Vulnerability Details

GHSA

GHSA-w439-f952-rj94: BIG-IP APM clients may send IP traffic outside of the VPN tunnel↗2023-09-27

▶

CVEList

BIG-IP APM Clients TunnelCrack vulnerability↗2023-09-27

▶

📋Vendor Advisories

CVE-2023-43125: BIG-IP APM clients may send IP traffic outside of the VPN tunnel↗2023-09-27

▶