CVE-2023-28406

MEDIUM

BIG-IP 13.1.0-13.1.5 - Authenticated Path Traversal in Configuration Utility

Title source: llm
STIX 2.1

Description

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://my.f5.com/manage/s/article/K000132768

Scores

CVSS v3 4.3
EPSS 0.0061
EPSS Percentile 69.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (19)
f5/big-ip_access_policy_manager 13.1.0 - 13.1.5
f5/big-ip_advanced_firewall_manager 13.1.0 - 13.1.5
f5/big-ip_advanced_web_application_firewall 13.1.0 - 13.1.5
f5/big-ip_analytics 13.1.0 - 13.1.5
f5/big-ip_application_acceleration_manager 13.1.0 - 13.1.5
f5/big-ip_application_security_manager 13.1.0 - 13.1.5
f5/big-ip_application_visibility_and_reporting 13.1.0 - 13.1.5
f5/big-ip_carrier-grade_nat 13.1.0 - 13.1.5
f5/big-ip_ddos_hybrid_defender 13.1.0 - 13.1.5
f5/big-ip_domain_name_system 13.1.0 - 13.1.5
... and 9 more
Published May 03, 2023
Tracked Since Feb 18, 2026