
BIG-IP in Appliance Mode Configuration utility vulnerability - 20231023002

Overview

The WA SOC has become aware of a vulnerability in the BIG-IP Configuration utility, the browser-based management interface for F5 BIG-IP application delivery products. An authenticated attacker may exploit this vulnerability by sending crafted requests to the Configuration utility. A successful exploit allows the attacker to execute commands on the BIG-IP system. For BIG-IP systems running in Appliance mode, a successful exploit allows the attacker to cross a security boundary that Appliance mode is intended to enforce. Note that software versions which have reached End of Technical Support (EoTS) have not been evaluated.

What is the vulnerability?

CVE-2023-41373 - CVSS v3 Base Score: 9.9

What is vulnerable?

The vulnerability affects the following F5 Networks BIG-IP (all modules) versions running in Appliance mode:

  • versions from 17.1.0 before 17.1.0.3
  • versions from 16.1.0 before 16.1.4.1
  • versions from 15.1.0 before 15.1.10.2
  • versions from 14.1.0 before 14.1.5.6
  • versions from 13.1.0 (no fixed version listed for this branch)
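The version list above translates directly into a range check that can be run over a device inventory. The following script is an added example and is not WA SOC or F5 tooling; the hostnames and version strings in SAMPLE_INVENTORY are constructed. It encodes the branches and fixed versions exactly as listed, treats the 13.1.x branch as having no fix, and reports versions outside every listed branch (for example EoTS 12.1.x) as not evaluated rather than assuming they are safe. It does not determine whether a device is licensed in Appliance mode; that must be confirmed separately on each device.

```python
"""Classify F5 BIG-IP software versions against the affected ranges for
CVE-2023-41373 as listed in this advisory.

Added example, not WA SOC or F5 tooling. SAMPLE_INVENTORY is constructed.
"""
from typing import Dict, List, Optional, Tuple

# (branch start, first fixed version) taken from the "What is vulnerable?" list.
# None as the fixed version means no fix is listed for that branch (13.1.x).
AFFECTED_RANGES: List[Tuple[str, Optional[str]]] = [
    ("17.1.0", "17.1.0.3"),
    ("16.1.0", "16.1.4.1"),
    ("15.1.0", "15.1.10.2"),
    ("14.1.0", "14.1.5.6"),
    ("13.1.0", None),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '16.1.3.2' into (16, 1, 3, 2).

    Shorter strings are padded with zeros so that 16.1.4 compares as
    16.1.4.0, i.e. strictly before the fixed release 16.1.4.1.
    """
    parts = [int(p) for p in v.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected BIG-IP version format: {v!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'not-evaluated' for one version string.

    A version is matched to a branch by its major.minor pair. Within a
    branch it is affected if it is below the listed fixed version, or if
    no fixed version is listed. Versions on branches the advisory does not
    list (EoTS releases such as 12.1.x) are reported as 'not-evaluated'.
    """
    ver = parse_version(version)
    for start, fixed in AFFECTED_RANGES:
        if ver[:2] != parse_version(start)[:2]:
            continue
        if fixed is None or ver < parse_version(fixed):
            return "affected"
        return "fixed"
    return "not-evaluated"


# Constructed inventory: hostname -> BIG-IP software version.
SAMPLE_INVENTORY: Dict[str, str] = {
    "bigip-dmz-01": "16.1.3.3",
    "bigip-dmz-02": "16.1.4.1",
    "bigip-core-01": "17.1.0.2",
    "bigip-legacy-01": "13.1.5",
    "bigip-lab-01": "12.1.6",
}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Hostnames whose version falls inside an affected range, sorted."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


def report(inventory: Dict[str, str]) -> Dict[str, str]:
    """Hostname -> classification for every device in the inventory."""
    return {h: classify(v) for h, v in inventory.items()}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host:18} {SAMPLE_INVENTORY[host]:10} {status}")
    print("patch within one month:", ", ".join(affected_hosts(SAMPLE_INVENTORY)))
```

Feed it the output of your asset inventory (one version string per device) and treat every 'not-evaluated' result as a follow-up item, since an EoTS release may still be exploitable even though the vendor has not assessed it.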

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends that administrators apply the vendor's fixes to all affected devices within the expected timeframe of one month (refer to Patch Management).

Additional References