Lucene search
HistoryMay 03, 2023 - 3:15 p.m.
CVE-2023-27378
cve-2023-27378
xss
vulnerability
big-ip
configuration utility
javascript
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.4%
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5.4
ORf5big-ip_access_policy_managerRange15.1.0–15.1.8.2
ORf5big-ip_access_policy_managerRange16.1.0–16.1.3.4
ORf5big-ip_access_policy_managerRange17.0.0–17.1.0.1
ORf5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.4
ORf5big-ip_advanced_firewall_managerRange15.1.0–15.1.8.2
ORf5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.4
ORf5big-ip_advanced_firewall_managerRange17.0.0–17.1.0.1
ORf5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5
ORf5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5.4
ORf5big-ip_advanced_web_application_firewallRange15.1.0–15.1.8.2
ORf5big-ip_advanced_web_application_firewallRange16.1.0–16.1.3.4
ORf5big-ip_advanced_web_application_firewallRange17.0.0–17.1.0.1
ORf5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5.4
ORf5big-ip_analyticsRange15.1.0–15.1.8.2
ORf5big-ip_analyticsRange16.1.0–16.1.3.4
ORf5big-ip_analyticsRange17.0.0–17.1.0.1
ORf5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange14.1.0–14.1.5.4
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.8.2
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.3.4
ORf5big-ip_application_acceleration_managerRange17.0.0–17.1.0.1
ORf5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5.4
ORf5big-ip_application_security_managerRange15.1.0–15.1.8.2
ORf5big-ip_application_security_managerRange16.1.0–16.1.3.4
ORf5big-ip_application_security_managerRange17.0.0–17.1.0.1
ORf5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5
ORf5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5.4
ORf5big-ip_application_visibility_and_reportingRange15.1.0–15.1.8.2
ORf5big-ip_application_visibility_and_reportingRange16.1.0–16.1.3.4
ORf5big-ip_application_visibility_and_reportingRange17.0.0–17.1.0.1
ORf5big-ip_carrier-grade_natRange13.1.0–13.1.5
ORf5big-ip_carrier-grade_natRange14.1.0–14.1.5.4
ORf5big-ip_carrier-grade_natRange15.1.0–15.1.8.2
ORf5big-ip_carrier-grade_natRange16.1.0–16.1.3.4
ORf5big-ip_carrier-grade_natRange17.0.0–17.1.0.1
ORf5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
ORf5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.4
ORf5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.8.2
ORf5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.4
ORf5big-ip_ddos_hybrid_defenderRange17.0.0–17.1.0.1
ORf5big-ip_domain_name_systemRange13.1.0–13.1.5
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5.4
ORf5big-ip_domain_name_systemRange15.1.0–15.1.8.2
ORf5big-ip_domain_name_systemRange16.1.0–16.1.3.4
ORf5big-ip_domain_name_systemRange17.0.0–17.1.0.1
ORf5big-ip_edge_gatewayRange13.1.0–13.1.5
ORf5big-ip_edge_gatewayRange14.1.0–14.1.5.4
ORf5big-ip_edge_gatewayRange15.1.0–15.1.8.2
ORf5big-ip_edge_gatewayRange16.1.0–16.1.3.4
ORf5big-ip_edge_gatewayRange17.0.0–17.1.0.1
ORf5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange14.1.0–14.1.5.4
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.8.2
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.4
ORf5big-ip_fraud_protection_serviceRange17.0.0–17.1.0.1
ORf5big-ip_global_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_global_traffic_managerRange14.1.0–14.1.5.4
ORf5big-ip_global_traffic_managerRange15.1.0–15.1.8.2
ORf5big-ip_global_traffic_managerRange16.1.0–16.1.3.4
ORf5big-ip_global_traffic_managerRange17.0.0–17.1.0.1
ORf5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5.4
ORf5big-ip_link_controllerRange15.1.0–15.1.8.2
ORf5big-ip_link_controllerRange16.1.0–16.1.3.4
ORf5big-ip_link_controllerRange17.0.0–17.1.0.1
ORf5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5.4
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.8.2
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.3.4
ORf5big-ip_local_traffic_managerRange17.0.0–17.1.0.1
ORf5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.4
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.8.2
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.4
ORf5big-ip_policy_enforcement_managerRange17.0.0–17.1.0.1
ORf5big-ip_ssl_orchestratorRange13.1.0–13.1.5
ORf5big-ip_ssl_orchestratorRange14.1.0–14.1.5.4
ORf5big-ip_ssl_orchestratorRange15.1.0–15.1.8.2
ORf5big-ip_ssl_orchestratorRange16.1.0–16.1.3.4
ORf5big-ip_ssl_orchestratorRange17.0.0–17.1.0.1
ORf5big-ip_webacceleratorRange13.1.0–13.1.5
ORf5big-ip_webacceleratorRange14.1.0–14.1.5.4
ORf5big-ip_webacceleratorRange15.1.0–15.1.8.2
ORf5big-ip_webacceleratorRange16.1.0–16.1.3.4
ORf5big-ip_webacceleratorRange17.0.0–17.1.0.1
ORf5big-ip_websafeRange13.1.0–13.1.5
ORf5big-ip_websafeRange14.1.0–14.1.5.4
ORf5big-ip_websafeRange15.1.0–15.1.8.2
ORf5big-ip_websafeRange16.1.0–16.1.3.4
ORf5big-ip_websafeRange17.0.0–17.1.0.1
CNA Affected
[
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.0.1",
"status": "affected",
"version": "17.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"lessThan": "16.1.3.4",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "15.1.8.2",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "14.1.5.4",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
}
]References
Related
prion
prion
Cross site scripting
2023-05-03 15:15:00
f5
f5
K000132726 : BIG-IP Configuration utility XSS vulnerability CVE-2023-27378
2023-05-03 00:00:00
K000133251 : Overview of F5 vulnerabilities (May 2023)
2023-05-03 00:00:00
cvelist
cvelist
CVE-2023-27378 BIG-IP TMUI XSS vulnerability
2023-05-03 14:33:49
nessus
nessus
nvd
nvd
CVE-2023-27378
2023-05-03 15:15:12
cnvd
cnvd
F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2023-82308)
2023-05-09 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.4%
Related for CVE-2023-27378