
CVE-2023-42768 : Security Advisory and Response

Understand the impact of CVE-2023-42768 affecting F5's BIG-IP products. Learn about the technical details, mitigation steps, and affected versions to enhance system security.

A detailed overview of the BIG-IP iControl REST vulnerability affecting F5 products.

Understanding CVE-2023-42768

This section provides insight into the nature, impact, and technical details of the CVE.

What is CVE-2023-42768?

CVE-2023-42768, also known as the BIG-IP iControl REST vulnerability, allows a non-admin user who was previously assigned an administrator role to retain access to iControl REST admin resources after being reverted to a non-admin role. It affects F5's BIG-IP products.

The Impact of CVE-2023-42768

The vulnerability poses a high risk, with a CVSSv3.1 base score of 7.2 (High). It can lead to unauthorized access to critical administrative functions, compromising confidentiality, integrity, and availability of the system.

Technical Details of CVE-2023-42768

Learn more about the technical aspects and implications of the CVE.

Vulnerability Description

A user who was previously an administrator retains access to iControl REST admin resources after being changed to a non-admin role, potentially resulting in unauthorized access and privilege escalation.

Affected Systems and Versions

Affected Versions: 16.1.0, 15.1.0, 14.1.0, 13.1.0
Unaffected Version: 17.1.0

Exploitation Mechanism

The vulnerability can be exploited by manipulating role assignments through iControl REST PUT requests and subsequent role changes via the Configuration utility, tmsh, or iControl REST.

Mitigation and Prevention

Explore strategies to mitigate the CVE's impact and prevent potential security threats.

Immediate Steps to Take

Ensure prompt action to address the vulnerability and prevent unauthorized access. Consider restricting user roles and monitoring administrative access.
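As an added, illustrative audit (not F5's tooling and not part of this advisory), the check below compares each user's tmsh-side role with the membership of the iControl REST framework's Administrator role and flags accounts that still appear on the REST side without a matching admin role. The endpoint paths and JSON layouts are assumptions based on the iControl REST API; the sample responses are constructed.

```python
import json
from typing import List, Set
from urllib.parse import urlparse

# Constructed sample of GET /mgmt/tm/auth/user (tmsh-side role, the intended source of truth).
# Field layout is an assumption modelled on the iControl REST user object.
TM_AUTH_USERS = json.loads("""
{"items": [
  {"name": "admin", "partitionAccess": [{"name": "all-partitions", "role": "admin"}]},
  {"name": "alice", "partitionAccess": [{"name": "all-partitions", "role": "operator"}]},
  {"name": "bob",   "partitionAccess": [{"name": "all-partitions", "role": "admin"}]}
]}
""")

# Constructed sample of GET /mgmt/shared/authz/roles (the REST framework's own role store).
# 'alice' was demoted to operator in tmsh but still sits in the REST Administrator role.
AUTHZ_ROLES = json.loads("""
{"items": [
  {"name": "Administrator", "userReferences": [
     {"link": "https://localhost/mgmt/shared/authz/users/admin"},
     {"link": "https://localhost/mgmt/shared/authz/users/alice"},
     {"link": "https://localhost/mgmt/shared/authz/users/bob"}]},
  {"name": "iControl_REST_API_User", "userReferences": [
     {"link": "https://localhost/mgmt/shared/authz/users/alice"}]}
]}
""")


def tmsh_admins(tm_users: dict) -> Set[str]:
    """Users whose tmsh/auth role is 'admin' in any partition entry."""
    return {u["name"] for u in tm_users.get("items", [])
            if any(p.get("role") == "admin" for p in u.get("partitionAccess", []))}


def authz_role_members(roles: dict, role_name: str) -> Set[str]:
    """Usernames referenced by a REST authz role (last path segment of each user link)."""
    for role in roles.get("items", []):
        if role.get("name") == role_name:
            return {urlparse(ref["link"]).path.rstrip("/").rsplit("/", 1)[-1]
                    for ref in role.get("userReferences", [])}
    return set()


def stale_rest_admins(tm_users: dict, roles: dict) -> List[str]:
    """Accounts holding the REST 'Administrator' role without a matching tmsh admin role."""
    return sorted(authz_role_members(roles, "Administrator") - tmsh_admins(tm_users))


if __name__ == "__main__":
    for user in stale_rest_admins(TM_AUTH_USERS, AUTHZ_ROLES):
        print(f"review: {user} still holds the REST Administrator role but is not a tmsh admin")
```

Against a live device the two JSON documents would be fetched with an authenticated GET to the paths named in the comments; any account the function returns should be reviewed and, where appropriate, re-created so that the REST-side role is rebuilt.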

Long-Term Security Practices

Implement strong access controls, regular security audits, and employee training to enhance overall system security and prevent similar incidents.

Patching and Updates

Stay informed about security patches and updates released by F5 to address the vulnerability in affected versions.
