{ "id": "CVE-2023-46747", "sourceIdentifier": "f5sirt@f5.com", "published": "2023-10-26T21:15:08.097", "lastModified": "2023-11-16T02:15:26.577", "vulnStatus": "Modified", "cisaExploitAdd": "2023-10-31", "cisaActionDue": "2023-11-21", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability", "descriptions": [ { "lang": "en", "value": "\n\n\nUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n" }, { "lang": "es", "value": "Las solicitudes no divulgadas pueden omitir la autenticaci\u00f3n de la utilidad de configuraci\u00f3n, lo que permite a un atacante con acceso de red al sistema BIG-IP a trav\u00e9s del puerto de administraci\u00f3n y/o direcciones IP propias ejecutar comandos arbitrarios del sistema. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan" } ], "metrics": { "cvssMetricV31": [ { "source": "f5sirt@f5.com", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "f5sirt@f5.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-288" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "783E62F2-F867-48F1-B123-D1227C970674" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "DB629442-AB06-4552-A7A2-CAF967E47C39" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "0510296F-92D7-4388-AE3A-0D9799C2FC4D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "D7698D6C-B1F7-43C1-BBA6-88E956356B3D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "E1EA69BC-2AAF-4652-BD2D-95BB754880AF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "B3C7A168-F370-441E-8790-73014BCEC39F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "CF16FD01-7704-40AB-ACB2-80A883804D22" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "732CE215-90B1-444A-BBA4-3FF63D6C63DF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "21D51D9F-2840-4DEA-A007-D20111A1745C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "C640FA3F-7AB7-4875-B01D-9DB41CEB432B" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "8070B469-8CC4-4D2F-97D7-12D0ABB963C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "A326597E-725D-45DE-BEF7-2ED92137B253" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "7479843E-F2D9-4815-95BC-F4223119753C" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "E76E1B82-F1DC-4366-B388-DBDF16C586A0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "660137F4-15A1-42D1-BBAC-99A1D5BB398B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "25E7DBE6-D708-4257-BA8B-90A4DB6DE1EA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "98D2CE1E-DED0-470A-AA78-C78EF769C38E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "375D359B-E05B-4AEC-9B39-46911847A410" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "441CC945-7CA3-49C0-AE10-94725301E31D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "820076A8-F163-4471-8B1E-5290BD1D6D93" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "17523F89-DF78-45B7-AEAB-A4886E99E08B" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "89ADA880-7A5B-49DA-AEA4-BC19D7C41916" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "3D33AA82-3AE5-4165-9B54-8C03381D98AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "56800E2E-119D-468B-B407-9CFACD8C00D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "CAA278BA-B020-4BED-91DA-1CD8966512D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "E874DD74-E654-44EE-A1A3-57D7CA772FB1" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "5D87EE02-C9AF-4824-BAB1-5F674C51D78E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "5630F852-7110-4332-95DF-2D34365BA076" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "425A5D8F-C719-459F-8FF4-FC3EFB4B6BB3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "3095B6F6-C2FF-44B2-97AA-EEF5F475A608" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "437CA326-41B9-4DBD-93B6-1FF93F5EAFCE" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "1771493E-ACAA-477F-8AB4-25DB12F6AD6E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "31C4D96A-6D71-44B5-8B94-AE9DFA93873B" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "20662BB0-4C3D-4CF0-B068-3555C65DD06C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "D64EDCAD-F658-41A9-8838-41A2913EE8B7" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "C8F39403-C259-4D6F-9E9A-53671017EEDB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "220F2D38-FA82-45EF-B957-7678C9FEDBC1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "33B4FE55-81A7-41F8-ADB8-B0F84C8205C4" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "8C61E3E7-C594-40D9-936A-19CD26B170E6" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "84D9CD72-ED25-4447-9DD5-41ED51C891E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "00DEABFC-139A-4306-BCFA-6CE700D64327" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "958C34E5-668D-416A-99AF-2C6F042A2215" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "659376E8-FCCA-45E1-BDFB-C50117A66484" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "B84C35AD-D355-4DB4-99F1-6EBA2D91F322" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "DF43CD3A-2C94-4663-B5D5-0327FD3E1F3D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "29563719-1AF2-4BB8-8CCA-A0869F87795D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "D24815DD-579A-46D1-B9F2-3BB2C56BC54D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "95C1F4F7-7533-44CE-BE4C-BF71EAFA62EA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "2CD1637D-0E42-4928-867A-BA0FDB6E8462" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "3A599F90-F66B-4DF0-AD7D-D234F328BD59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "609593AD-6E6D-4B8D-B01B-EF4768E8DF10" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.5", "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.5", "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.10", "matchCriteriaId": "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndIncluding": "16.1.4", "matchCriteriaId": "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.1.0", "versionEndIncluding": "17.1.1", "matchCriteriaId": "2044D97E-5637-45BA-A004-A717B5E793FD" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html", "source": "f5sirt@f5.com" }, { "url": "https://my.f5.com/manage/s/article/K000137353", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/", "source": "f5sirt@f5.com" } ] }