CVE-2023-23552
Published Feb 1, 2023
Last updated a year ago
Overview
- Description
- On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- Source
- f5sirt@f5.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F752D9F2-F68D-4D06-8FB6-50DED0E70EC5",
"versionEndExcluding": "14.1.5.3",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F23755D6-5909-4E1F-9791-2B9527BA33B6",
"versionEndExcluding": "15.1.8",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7164F98A-B139-456A-9C12-BA6747E769FF",
"versionEndExcluding": "16.1.3.3",
"versionStartIncluding": "16.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A41F489C-3BD3-4E7C-B63E-7159C8EF0103",
"versionEndExcluding": "17.0.0.2",
"versionStartIncluding": "17.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01ED85BB-C6EB-4CFE-BCF0-736E0B415219",
"versionEndExcluding": "14.1.5.3",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "426A5E99-92B8-4066-B15A-D2A72A66E3AA",
"versionEndExcluding": "15.1.8",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28B27399-D55E-4321-9B25-4685AA643B10",
"versionEndExcluding": "16.1.3.3",
"versionStartIncluding": "16.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD5FB958-EDC9-4D39-AE1E-9E77FB5437B4",
"versionEndExcluding": "17.0.0.2",
"versionStartIncluding": "17.0.0"
}
],
"operator": "OR"
}
]
}
]