- 183/2023
- High
F5 has released security updates to fix several vulnerabilities across multiple F5 products such as (BIG-IP, BIG-IP APM, F5OS-A, BIG-IQ Centralized Management).
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform a cross-site scripting attack, obtain sensitive information, or gain elevated privileges by sending a specially crafted request to the affected systems.
Sample of the addressed vulnerabilities:
1. F5 BIG-IP (APM) Privilege Escalation Vulnerability (CVE-2023-38418):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. F5 BIG-IP Cross-Site Scripting Vulnerability (CVE-2023-38138):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.