A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or,…
f5·CWE-134·Published 2023-02-01
A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Existe una vulnerabilidad de cadena de formato en iControl SOAP que permite a un atacante autenticado bloquear el proceso CGI de iControl SOAP o, potencialmente, ejecutar código arbitrario. En el modo de dispositivo BIG-IP, una explotación exitosa de esta vulnerabilidad puede permitir al atacante cruzar un límite de seguridad. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 8.5 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 8.5 | 1.8 | 6.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 8.5 | 1.8 | 6.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |