7.5
CVE-2023-23552
- EPSS 44.96%
- Veröffentlicht 01.02.2023 18:15:11
- Zuletzt bearbeitet 21.11.2024 07:46:24
- Quelle f5sirt@f5.com
- Teams Watchlist Login
- Unerledigt Login
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 13.1.0 <= 13.1.5
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 14.1.0 < 14.1.5.3
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 15.1.0 < 15.1.8
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 16.1.0 < 16.1.3.3
F5 ≫ Big-ip Advanced Web Application Firewall Version >= 17.0.0 < 17.0.0.2
F5 ≫ Big-ip Application Security Manager Version >= 13.1.0 <= 13.1.5
F5 ≫ Big-ip Application Security Manager Version >= 14.1.0 < 14.1.5.3
F5 ≫ Big-ip Application Security Manager Version >= 15.1.0 < 15.1.8
F5 ≫ Big-ip Application Security Manager Version >= 16.1.0 < 16.1.3.3
F5 ≫ Big-ip Application Security Manager Version >= 17.0.0 < 17.0.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 44.96% | 0.975 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| f5sirt@f5.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.