Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Aug 03, 2023

BIG-IP Configuration utility vulnerability CVE-2023-38138

Can anyone clarify more about this vulnerability? is that mean if we have xxx.com and secure by WAF , one use have admin privilage to xxx.com can expolit this vulnerability? or they mean admin priv...

application delivery

CA_Valli
Aug 03, 2023
Hello THE_BLUE

all CVE's that F5 documents in its Security Advisory series specifically refer to vulnerabilities that affect/compromise F5 products only, in this case BIG-IP.
Any application that runs on-top of the BIG-IP, like an HTTP portal, will not be covered.

So, unless xxx.com resolves to an IP address on the BIG-IP that allows Configuration Utility access (webI or SSH), it shoudn't be considered as an attack vector.

Icon for MVP rank

MVP

Aug 03, 2023

Best thing to protect such kind of vulnerability is "Restricting access to the Configuration utility by source IP/subnet" and make sure you should follow principle of least privilege. Most of the issue will be solved.

Article: https://my.f5.com/manage/s/article/K13309

Thanks,

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming