- 245/2023
- Medium
F5 has released security updates to fix several vulnerabilities across multiple versions of BIG-IP APM Clients.
The addressed vulnerabilities could allow the attacker within the local network to send IP traffic outside of the VPN tunnel and bypass security restrictions, or obtain sensitive information from the affected systems.
The addressed vulnerabilities:
1. F5 BIG-IP Security Bypass Vulnerability (CVE-2023-43125):
- CVSS: 6.8
- Attack Vector: Adjacent Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. F5 BIG-IP Information Disclosure Vulnerability (CVE-2023-43124):
- CVSS: 5.3
- Attack Vector: Adjacent Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2023-43125
- CVE-2023-43124
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.