CVE-2024-23603 — SQL Injection in F5 Big-ip

CWE-89 — SQL Injection4 documents4 sources

Severity

3.8LOWNVD

EPSS

0.3%

top 47.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip F5 Big-ip Advanced WEB Application Firewall F5 Big-ip Application Security Manager

Timeline

PublishedFeb 14

Description

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5f5/big-ip17.1.0 — 17.1.1+2

▶NVDf5/big-ip_application_security_manager15.1.0 — 15.1.9+2

▶NVDf5/big-ip_advanced_web_application_firewall15.1.0 — 15.1.10+2

🔴Vulnerability Details

GHSA

GHSA-c7f4-j25r-jvjf: An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility↗2024-02-14

▶

CVEList

BIG-IP Advanced WAF and ASM Configuration utility vulnerability↗2024-02-14

▶

📋Vendor Advisories

CVE-2024-23603: An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility↗2024-02-14

▶