CVE-2023-28742: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

CVE-2023-28742 is a vulnerability discovered in F5's BIG-IP Domain Name System (DNS) iQuery mesh functionality. The vulnerability was disclosed on May 3, 2023, and affects multiple versions of BIG-IP DNS systems. This authenticated remote command execution vulnerability exists when DNS is provisioned (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates the vulnerability is network-accessible, requires low attack complexity, needs low-level privileges, and requires no user interaction. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) (NVD).

The vulnerability affects confidentiality, integrity, and availability, all rated as High impact. If successfully exploited, an attacker could execute remote commands on the affected system with significant system access (NVD).

F5 Networks has released patches for affected versions. Users are advised to upgrade to the following fixed versions: 14.1.5.4, 15.1.8.2, 16.1.3.4, or 17.1.0.1. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated (NVD).