βΌ CVE-2023-41085 βΌ
π Read
via "National Vulnerability Database".
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43746 βΌ
π Read
via "National Vulnerability Database".
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.Γ A successful exploit can allow the attacker to cross a security boundary.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43785 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43485 βΌ
π Read
via "National Vulnerability Database".
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40534 βΌ
π Read
via "National Vulnerability Database".
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43611 βΌ
π Read
via "National Vulnerability Database".
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.Γ This vulnerability is due to an incomplete fix for CVE-2023-38418.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedπ Read
via "National Vulnerability Database".
βΌ CVE-2023-41253 βΌ
π Read
via "National Vulnerability Database".
When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45226 βΌ
π Read
via "National Vulnerability Database".
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedπ Read
via "National Vulnerability Database".
βΌ CVE-2023-43786 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44763 βΌ
π Read
via "National Vulnerability Database".
Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail" file upload, which allows Cross-Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-5450 βΌ
π Read
via "National Vulnerability Database".
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41964 βΌ
π Read
via "National Vulnerability Database".
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39447 βΌ
π Read
via "National Vulnerability Database".
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40542 βΌ
π Read
via "National Vulnerability Database".
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedπ Read
via "National Vulnerability Database".
βΌ CVE-2023-42768 βΌ
π Read
via "National Vulnerability Database".
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45219 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40537 βΌ
π Read
via "National Vulnerability Database".
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41373 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
π΄ Old-School Attacks Are Still a Danger, Despite Newer Techniques π΄
π Read
via "Dark Reading".
The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.π Read
via "Dark Reading".
Dark Reading
Old-School Attacks Are Still a Danger, Despite Newer Techniques
The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.
π¦Ώ Australia, New Zealand Enterprises Spend Big on Security β But Will It Be Enough? π¦Ώ
π Read
via "Tech Republic".
Australian and New Zealand businesses will increase spending on cybersecurity by double digitsβ¦ but they might not be able to spend their way to safety.π Read
via "Tech Republic".
TechRepublic
Australia, New Zealand Enterprises Spend Big on Security β But Will It Be Enough?
Australian and New Zealand businesses will increase spending on cybersecurity, but they might not be able to spend their way to safety.
βΌ CVE-2023-5490 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".