F5 BIG-IP Remote Code Execution Vulnerability (CVE-2023-22374)

Feb 07, 2023 GMT+08:00

I. Overview

Recently, F5 published a security advisory on its official website, disclosing a remote code execution vulnerability (CVE-2023-22374) in F5 BIG-IP. The iControl SOAP component has a format string vulnerability. Authenticated attackers can exploit this vulnerability to cause DoS on the iControl SOAP CGI process or execute arbitrary code.  In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. The details of this vulnerability have been disclosed and the risk is high.

The BIG-IP Local Traffic Manager (LTM) is an excellent application traffic management system. If you are an F5 BIG-IP user, check your versions and implement timely security hardening.

Reference:

https://my.f5.com/manage/s/article/K000130415

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

F5 BIG-IP 17.x: 17.0.0

F5 BIG-IP 16.x: 16.1.2.2 - 16.1.3

F5 BIG-IP 15.x: 15.1.5.1 - 15.1.8

F5 BIG-IP 14.x: 14.1.4.6 - 14.1.5

F5 BIG-IP 13.x: 13.1.5

Secure versions:

Currently, no security version is available.

IV. Vulnerability Handling

Currently, no official secure version is released. It is recommended that affected users refer to the workarounds provided in the official notice to avoid risks.

1. Comply with the best practices to protect the access to the management interface and IP address of the BIG-IP system.

2. Configure a whitelist for accessing the iControl SOAP API of the system. If you do not use the iControl SOAP API, you can disable all access by setting the iControl SOAP API whitelist to an empty list.

For details, see "Mitigation" on https://my.f5.com/manage/s/article/K000130415.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.