Lucene search

F5CVE-2023-38138

HistoryAug 02, 2023 - 4:15 p.m.

CVE-2023-38138

2023-08-0216:15:10

CWE-79

web.nvd.nist.gov

cve-2023-38138

reflected xss

big-ip configuration utility

javascript

security vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5.5

f5big-ip_access_policy_managerRange15.1.0–15.1.9.1

f5big-ip_access_policy_managerRange16.1.0–16.1.3.5

f5big-ip_access_policy_managerRange17.0.0–17.1.0.2

f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5

f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5.5

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.9.1

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.3.5

f5big-ip_advanced_firewall_managerRange17.0.0–17.1.0.2

f5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5

f5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5.5

f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.9.1

f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.3.5

f5big-ip_advanced_web_application_firewallRange17.0.0–17.1.0.2

f5big-ip_analyticsRange13.1.0–13.1.5

f5big-ip_analyticsRange14.1.0–14.1.5.5

f5big-ip_analyticsRange15.1.0–15.1.9.1

f5big-ip_analyticsRange16.1.0–16.1.3.5

f5big-ip_analyticsRange17.0.0–17.1.0.2

f5big-ip_application_acceleration_managerRange13.1.0–13.1.5

f5big-ip_application_acceleration_managerRange14.1.0–14.1.5.5

f5big-ip_application_acceleration_managerRange15.1.0–15.1.9.1

f5big-ip_application_acceleration_managerRange16.1.0–16.1.3.5

f5big-ip_application_acceleration_managerRange17.0.0–17.1.0.2

f5big-ip_application_security_managerRange13.1.0–13.1.5

f5big-ip_application_security_managerRange14.1.0–14.1.5.5

f5big-ip_application_security_managerRange15.1.0–15.1.9.1

f5big-ip_application_security_managerRange16.1.0–16.1.3.5

f5big-ip_application_security_managerRange17.0.0–17.1.0.2

f5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5

f5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5.5

f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.9.1

f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.3.5

f5big-ip_application_visibility_and_reportingRange17.0.0–17.1.0.2

f5big-ip_carrier-grade_natRange13.1.0–13.1.5

f5big-ip_carrier-grade_natRange14.1.0–14.1.5.5

f5big-ip_carrier-grade_natRange15.1.0–15.1.9.1

f5big-ip_carrier-grade_natRange16.1.0–16.1.3.5

f5big-ip_carrier-grade_natRange17.0.0–17.1.0.2

f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5

f5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5.5

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9.1

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.3.5

f5big-ip_ddos_hybrid_defenderRange17.0.0–17.1.0.2

f5big-ip_domain_name_systemRange13.1.0–13.1.5

f5big-ip_domain_name_systemRange14.1.0–14.1.5.5

f5big-ip_domain_name_systemRange15.1.0–15.1.9.1

f5big-ip_domain_name_systemRange16.1.0–16.1.3.5

f5big-ip_domain_name_systemRange17.0.0–17.1.0.2

f5big-ip_edge_gatewayRange13.1.0–13.1.5

f5big-ip_edge_gatewayRange14.1.0–14.1.5.5

f5big-ip_edge_gatewayRange15.1.0–15.1.9.1

f5big-ip_edge_gatewayRange16.1.0–16.1.3.5

f5big-ip_edge_gatewayRange17.0.0–17.1.0.2

f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5

f5big-ip_fraud_protection_serviceRange14.1.0–14.1.5.5

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.9.1

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.3.5

f5big-ip_fraud_protection_serviceRange17.0.0–17.1.0.2

f5big-ip_global_traffic_managerRange13.1.0–13.1.5

f5big-ip_global_traffic_managerRange14.1.0–14.1.5.5

f5big-ip_global_traffic_managerRange15.1.0–15.1.9.1

f5big-ip_global_traffic_managerRange16.1.0–16.1.3.5

f5big-ip_global_traffic_managerRange17.0.0–17.1.0.2

f5big-ip_link_controllerRange13.1.0–13.1.5

f5big-ip_link_controllerRange14.1.0–14.1.5.5

f5big-ip_link_controllerRange15.1.0–15.1.9.1

f5big-ip_link_controllerRange16.1.0–16.1.3.5

f5big-ip_link_controllerRange17.0.0–17.1.0

f5big-ip_local_traffic_managerRange13.1.0–13.1.5

f5big-ip_local_traffic_managerRange14.1.0–14.1.5.5

f5big-ip_local_traffic_managerRange15.1.0–15.1.9.1

f5big-ip_local_traffic_managerRange16.1.0–16.1.3.5

f5big-ip_local_traffic_managerRange17.0.0–17.1.0.2

f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5

f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5.5

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.9.1

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.3.5

f5big-ip_policy_enforcement_managerRange17.0.0–17.1.0.2

f5big-ip_ssl_orchestratorRange13.1.0–13.1.5

f5big-ip_ssl_orchestratorRange14.1.0–14.1.5.5

f5big-ip_ssl_orchestratorRange15.1.0–15.1.9.1

f5big-ip_ssl_orchestratorRange16.1.0–16.1.3.5

f5big-ip_ssl_orchestratorRange17.0.0–17.1.0.2

f5big-ip_webacceleratorRange13.1.0–13.1.5

f5big-ip_webacceleratorRange14.1.0–14.1.5.5

f5big-ip_webacceleratorRange15.1.0–15.1.9.1

f5big-ip_webacceleratorRange16.1.0–16.1.3.5

f5big-ip_webacceleratorRange17.0.0–17.1.0.2

f5big-ip_websafeRange13.1.0–13.1.5

f5big-ip_websafeRange14.1.0–14.1.5.5

f5big-ip_websafeRange15.1.0–15.1.9.1

f5big-ip_websafeRange16.1.0–16.1.3.5

f5big-ip_websafeRange17.0.0–17.1.0.2

VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_web_application_firewall*cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
f5big-ip_analytics*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5big-ip_application_security_manager*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5big-ip_application_visibility_and_reporting*cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
f5big-ip_carrier-grade_nat*cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
f5big-ip_ddos_hybrid_defender*cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
f5big-ip_domain_name_system*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	*	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
f5	big-ip_advanced_firewall_manager	*	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
f5	big-ip_advanced_web_application_firewall	*	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
f5	big-ip_analytics	*	cpe:2.3:a:f5:big-ip_analytics::::::::
f5	big-ip_application_acceleration_manager	*	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
f5	big-ip_application_security_manager	*	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
f5	big-ip_application_visibility_and_reporting	*	cpe:2.3:a:f5:big-ip_application_visibility_and_reporting::::::::
f5	big-ip_carrier-grade_nat	*	cpe:2.3:a:f5:big-ip_carrier-grade_nat::::::::
f5	big-ip_ddos_hybrid_defender	*	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
f5	big-ip_domain_name_system	*	cpe:2.3:a:f5:big-ip_domain_name_system::::::::

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "All Modules"
    ],
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "17.1.0.2",
        "status": "affected",
        "version": "17.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "16.1.3.5",
        "status": "affected",
        "version": "16.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "15.1.9.1",
        "status": "affected",
        "version": "15.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "14.1.5.5",
        "status": "affected",
        "version": "14.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "semver"
      }
    ]
  }
]