- 100/2023
- High
F5 has released security updates to fix several vulnerabilities across multiple F5 products.
The addressed vulnerabilities could allow the attacker to gain access, execute code, disclose information, modify sensitive files, escalate privileges, or cause a denial of service attack on the affected systems.
Samples of the addressed vulnerabilities:
1. F5 NGINX Management Suite Vulnerability (CVE-2023-28656):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
2. BIG-IP UDP Profile Vulnerability (CVE-2023-29163):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Indicators of Compromise
Indicators of compromise will be shared with EG-FinCIRT’s Constituents
Vulnerabilities
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.