CVE-2023-43611 – BIG-IP Edge Client for macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-43611
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Reference: https://my.f5.com/manage/s/article/K000136185
Weakness: CWE-347: Improper Verification of Cryptographic Signature
CVE-2023-43485 – BIG-IP and BIG-IQ TACACS+ audit log vulnerability
https://notcve.org/view.php?id=CVE-2023-43485
When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, the shared secret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Reference: https://my.f5.com/manage/s/article/K06110200
Weakness: CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-42768 – BIG-IP iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2023-42768
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and the user's role is later reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still have access to iControl REST admin resources. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Reference: https://my.f5.com/manage/s/article/K26910459
Weakness: CWE-613: Insufficient Session Expiration
CVE-2023-41964 – BIG-IP and BIG-IQ Database Variable vulnerability
https://notcve.org/view.php?id=CVE-2023-41964
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Reference: https://my.f5.com/manage/s/article/K20850144
Weakness: CWE-312: Cleartext Storage of Sensitive Information
CVE-2023-41373 – BIG-IP Configuration Utility vulnerability
https://notcve.org/view.php?id=CVE-2023-41373
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For a BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Reference: https://my.f5.com/manage/s/article/K000135689
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')