F5 BIG-IP Carrier-Grade NAT (CGNAT) 17.1.0.1

CPE Details

F5 BIG-IP Carrier-Grade NAT (CGNAT) 17.1.0.1
f5
big-ip_carrier-grade_nat
17.1.0.1
2023-05-09
14h32 +00:00
2023-05-12
13h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0.1:*:*:*:*:*:*:*

Informations

Vendor

f5

Product

big-ip_carrier-grade_nat

Version

17.1.0.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-46748 2023-10-26 20h05 +00:00 An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
8.8
High
CVE-2023-46747 2023-10-26 20h04 +00:00 Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
9.8
Critical
CVE-2023-41373 2023-10-10 12h33 +00:00 A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
9.9
Critical
CVE-2023-38423 2023-08-02 15h55 +00:00 A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
5.4
Medium
CVE-2023-38419 2023-08-02 15h55 +00:00 An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
4.3
Medium
CVE-2023-38138 2023-08-02 15h55 +00:00 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.