THE_BLUE
Aug 03, 2023

BIG-IP Configuration utility vulnerability CVE-2023-38138

Can anyone clarify more about this vulnerability? Does that mean if we have xxx.com and it is secured by WAF, one user who has admin privilege to xxx.com can exploit this vulnerability? Or do they mean admin priv...
  • CA_Valli
    Aug 03, 2023

    Hello THE_BLUE 

    All CVEs that F5 documents in its Security Advisory series specifically refer to vulnerabilities that affect/compromise F5 products only, in this case BIG-IP.
    Any application that runs on top of the BIG-IP, like an HTTP portal, will not be covered.

    So, unless xxx.com resolves to an IP address on the BIG-IP that allows Configuration Utility access (webUI or SSH), it shouldn't be considered as an attack vector.