CVE-2023-29240: Malicious File Upload
First published: Wed May 03 2023(Updated: )
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IQ Centralized Management | >=8.0.0<8.3.0 | |
| F5 BIG-IQ Centralized Management | >=8.0.0<=8.2.0 | 8.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-29240.
What is the severity of CVE-2023-29240?
The severity of CVE-2023-29240 is medium with a severity value of 5.4.
Who is affected by CVE-2023-29240?
Users of F5 BIG-IQ Centralized Management versions 8.0.0 to 8.3.0 are affected by CVE-2023-29240.
What can an authenticated attacker do if granted a Viewer or Auditor role on a BIG-IQ?
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.
Is there a fix available for CVE-2023-29240?
Please refer to the F5 support article at https://my.f5.com/manage/s/article/K000132719 for information on available fixes.
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/f5-advisory
- source/F5
- alias/CVE-2023-29240
- agent/software-canonical-lookup
- vendor/f5
- canonical/f5 big-iq centralized management
- version/f5 big-iq centralized management/8.0.0
- version/f5 big-iq centralized management/8.2.0