vulnerability

F5 Networks: CVE-2023-28406: K000132768: BIG-IP Configuration utility vulnerability CVE-2023-28406

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
May 3, 2023
Added
Dec 8, 2023
Modified
Jan 28, 2025

Description

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. 

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Solution

f5-big-ip-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.