Rewterz Threat Advisory – Multiple SAP Products Vulnerabilities
October 12, 2023
Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
October 12, 2023
Severity
Medium
Analysis Summary
CVE-2023-43485 CVSS:5.5
F5 BIG-IP could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when TACACS+ audit forwarding is configured. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-40534 CVSS:7.5
F5 BIG-IP Next SPK is vulnerable to a denial of service, caused by a flaw when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2023-43611 CVSS:7.8
F5 BIG-IP could allow a local authenticated attacker to gain elevated privileges on the system, caused by not following the best practices for elevating privileges during the installation process. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-41964 CVSS:4.3
F5 BIG-IP could allow a remote authenticated attacker to obtain sensitive information, caused by failing to encrypt information. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-43746 CVSS:8.7
F5 BIG-IP could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when running in Appliance mode. By sending a specially crafted request using external monitor, an attacker could exploit this vulnerability to bypass Appliance mode restrictions.
CVE-2023-45226 CVSS:7.4
F5 BIG-IP Next SPK could allow a remote attacker to bypass security restrictions, caused by the use of hardcoded credentials in the Traffic Management Microkernel (TMM) f5-debug-sidecar and f5-debug-sshd. By sending a specially crafted request, an attacker could exploit this vulnerability to impersonate the SPK Secure Shell (SSH) server.
CVE-2023-40542 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization.
CVE-2023-42768 CVSS:7.2
F5 BIG-IP could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when reverting back to a non-admin role via the Configuration utility, tmsh, or iControl REST. By sending a specially crafted request, an attacker could exploit this vulnerability to access the iControl REST admin resource.
CVE-2023-41373 CVSS:9.9
F5 BIG-IP could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the Configuration utility. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to execute arbitrary commands on the system.
CVE-2023-5450 CVSS:7.3
F5 BIG-IP (APM) could allow a local authenticated attacker to gain elevated privileges on the system, caused by an insufficient verification of data flaw during the installation process. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-41253 CVSS:5.5
F5 BIG-IP could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-45219 CVSS:4.4
F5 BIG-IP could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in an undisclosed BIG-IP TMOS Shell (tmsh) command. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-39447 CVSS:4.4
BIG-IP could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when BIG-IP APM Guided Configuration is configured. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Information Theft
- Denial of Service
- Privilege Escalation
- Security Bypass
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-43485
- CVE-2023-40534
- CVE-2023-43611
- CVE-2023-41964
- CVE-2023-43746
- CVE-2023-45226
- CVE-2023-40542
- CVE-2023-42768
- CVE-2023-41373
- CVE-2023-5450
- CVE-2023-41253
- CVE-2023-45219
- CVE-2023-39447
Affected Vendors
F5
Affected Products
- F5 BIG-IP 13.1.0
- F5 BIG-IP (DNS) 15.1.0
- F5 BIG-IP (DNS) 14.1.0
- F5 BIG-IQ Centralized Management 8.0.0
- F5 BIG-IP 16.1.0
- F5 BIG-IP 13.1.5
- F5 BIG-IP 16.1.3
- F5 BIG-IP 14.1.5
- F5 BIG-IP 15.1.8
- F5 BIG-IQ Centralized Management 8.3.0
- F5 BIG-IP 17.1.0
- F5 BIG-IP (APM) 14.1.0
- F5 BIG-IP (APM) 13.1.0
- F5 BIG-IP (APM) 15.1.0
- F5 BIG-IP (APM) 16.1.0
- F5 BIG-IP (APM) 13.1.5
- F5 BIG-IP (APM) 14.1.5
- F5 BIG-IP (APM) 17.1.0
Remediation
Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.