- 256/2023
- Critical
F5 has released security updates to fix several vulnerabilities across multiple versions of F5 BIG-IP, BIG-IP (APM), and F5 BIG-IP Next SPK.
The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary commands, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or gain elevated privileges on the affected systems by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. F5 BIG-IP Directory Traversal Vulnerability (CVE-2023-41373):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. F5 BIG-IP Security Bypass Vulnerability (CVE-2023-43746):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.