VDB

BDU%3A2023-07232

BDU%3A2023-07232 PUBLISHED CVSS 10 CRITICAL

Уязвимость утилиты настройки программных продуктов BIG-IP средства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, связанная с возможностью обхода процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю выполнить произвольные системные команды

Risk Scores

CVSS 2.0
10

Affected Products

VendorProductVersions
F5 Networks, Inc.BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP DDos Hybrid Defender, BIG-IP SSL Orchestrator
F5BIG-IP17.1.0, 16.1.0, 15.1.0

Timeline

  • Oct 28, 2023 CVE Published
  • Oct 31, 2023 PoC Published
  • Oct 31, 2023 PoC Published
  • Nov 2, 2023 PoC Published
  • Nov 3, 2023 PoC Published
  • Sep 13, 2024 CVE Updated
  • Oct 15, 2024 PoC Published
  • Dec 22, 2024 PoC Published
  • Dec 24, 2024 PoC Published
  • Dec 24, 2024 PoC Published
  • Jan 31, 2025 PoC Published
  • Feb 6, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›