First published: Wed Sep 27 2023
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP Access Policy Manager | >=14.1.5.2, <=14.1.5.6 | |
F5 BIG-IP Access Policy Manager | >=15.1.8, <=15.1.10 | |
F5 BIG-IP Access Policy Manager | >=16.1.3.3, <=16.1.4 | |
F5 BIG-IP Access Policy Manager | =13.1.5.1 | |
F5 BIG-IP Access Policy Manager | =17.1.0 | |
F5 BIG-IP Access Policy Manager Client | >=7.2.3, <=7.2.4 | |
F5 BIG-IP APM | >=17.1.0, <=17.1.1 | 17.1.1.13 |
F5 BIG-IP APM | >=16.1.3.3, <=16.1.4 | 16.1.4.23 |
F5 BIG-IP APM | >=15.1.8, <=15.1.10 | 15.1.10.33 |
F5 BIG-IP APM | >=14.1.5.2, <=14.1.5.6 | |
F5 BIG-IP APM | =13.1.5.1 | |
F5 APM Clients | >=7.2.3, <=7.2.4 | 7.2.4.63 |
F5 F5 Access for Android | =3.0.9 | |
F5 F5 Access for iOS | =3.0.13 | |
F5 F5 Access for macOS | =2.0.2 | |
F5 F5 Access for Windows | >=1.2, <=1.3 | |
CVE-2023-43125 is a vulnerability in BIG-IP APM clients that allows them to send IP traffic outside of the VPN tunnel.
Versions 14.1.5.2 to 14.1.5.6, 15.1.8 to 15.1.10, 16.1.3.3 to 16.1.4, 13.1.5.1, and 17.1.0 of F5 BIG-IP Access Policy Manager, as well as versions 7.2.3 to 7.2.4 of the F5 BIG-IP Access Policy Manager Client, are affected by CVE-2023-43125.
CVE-2023-43125 has a severity score of 8.2 (high).
To fix CVE-2023-43125, upgrade F5 BIG-IP Access Policy Manager to a version that is not vulnerable, as specified in the advisory.
More information about CVE-2023-43125 can be found at https://my.f5.com/manage/s/article/K000136909.