CVE-2023-22326: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-22326 affects BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, as well as all versions of BIG-IQ 8.x and 7.1.x. The vulnerability was discovered and initially published on January 13, 2023. It involves incorrect permission assignment vulnerabilities in the iControl REST and TMOS shell (tmsh) dig command (CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. It is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The vulnerability specifically affects the permission assignments in the iControl REST and TMOS shell (tmsh) dig command functionality (NVD).

When exploited, this vulnerability allows an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (NVD).

F5 Networks has released patched versions to address this vulnerability. Users should upgrade to BIG-IP versions 17.0.0.2, 16.1.3.3, 15.1.8.1, or 14.1.5.3 depending on their current version track (NVD).