CVE-2023-22374 · CVEKit

cve.orgen

391 chars

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NVDen

391 chars

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NVDes

427 chars

Existe una vulnerabilidad de cadena de formato en iControl SOAP que permite a un atacante autenticado bloquear el proceso CGI de iControl SOAP o, potencialmente, ejecutar código arbitrario. En el modo de dispositivo BIG-IP, una explotación exitosa de esta vulnerabilidad puede permitir al atacante cruzar un límite de seguridad. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.5	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
3.1	Secondary	NVD	8.5	1.8	6.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H