BIG-IQ iControl REST Vulnerability
CVE-2023-29240
5.4MEDIUM
Summary
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Version(s)
BIG-IQ < 8.3.0
Refferences
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
F5 acknowledges Mateusz Dąbrowski of ING for bringing this issue to our attention and following the highest standards of coordinated disclosure.