CVE-2023-22374: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

CVE-2023-22374 is a format string vulnerability discovered in F5 BIG-IP's iControl SOAP interface. The vulnerability was discovered by Ron Bowes of Rapid7 and reported to F5 on December 6, 2022. It affects multiple versions of F5 BIG-IP products from versions 13.1.5 through 17.0.0 (Rapid7 Blog).

The vulnerability exists in the SOAP interface (iControlPortal.cgi) which runs as root and requires administrative authentication. It allows an attacker to insert format string specifiers (such as %s or %n) into certain GET parameters, which are then passed directly to the syslog() function. The vulnerability has received a CVSS score of 7.5 for standard mode deployments and 8.5 in appliance mode (Rapid7 Blog).

A successful exploitation of this vulnerability could allow an authenticated attacker to crash the iControl SOAP CGI process or potentially execute arbitrary code with root privileges. In appliance mode BIG-IP, a successful exploit can allow the attacker to cross a security boundary (CVE Mitre).

While no official patch was immediately available, F5 indicated that an engineering hotfix would be made available. The primary mitigation strategy is to restrict access to the management port and system's iControl SOAP API to only trusted administrators. Organizations are advised to change the Port Lockdown settings to 'Allow None' for each self IP address in the system to block access to the iControl REST interface (SecMaster Blog).