Vulnerability DatabaseCVE-2023-29240

CVE-2023-29240:
F5 BIG-IQ vulnerability analysis and mitigation

Overview

CVE-2023-29240 is a vulnerability affecting F5 BIG-IQ Centralized Management versions 8.x prior to 8.3.0. The vulnerability allows an authenticated attacker with Viewer or Auditor role privileges to upload arbitrary files using an undisclosed iControl REST endpoint (NVD).

Technical details

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-269 (Improper Privilege Management). It has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (NVD).

Impact

The successful exploitation of this vulnerability could lead to unauthorized file uploads, potentially compromising system integrity and availability. The CVSS score indicates that while authentication is required, the attack complexity is low and can result in limited impact to both integrity and availability of the system (NVD).

Mitigation and workarounds

Organizations are advised to upgrade to BIG-IQ Centralized Management version 8.3.0 or later to address this vulnerability. Software versions which have reached End of Technical Support (EoTS) are not evaluated (NVD).

Additional resources

Source: This report was generated using AI

Related F5 BIG-IQ vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-24775	HIGH	7.5	F5 BIG-IP Advanced Firewall Manager	cpe:2.3:a:f5:big-ip_application_security_manager	No	Yes	Feb 14, 2024
CVE-2024-23979	HIGH	7.5	F5 BIG-IP Advanced Firewall Manager	cpe:2.3:a:f5:big-ip_local_traffic_manager	No	Yes	Feb 14, 2024
CVE-2024-23314	HIGH	7.5	F5 BIG-IP Advanced Firewall Manager	cpe:2.3:a:f5:big-ip_access_policy_manager	No	Yes	Feb 14, 2024
CVE-2024-23976	MEDIUM	6	F5 BIG-IP Advanced Firewall Manager	cpe:2.3:a:f5:big-ip_domain_name_system	No	Yes	Feb 14, 2024
CVE-2024-47139	MEDIUM	4.8	F5 BIG-IQ	cpe:2.3:a:f5:big-iq_centralized_management	No	Yes	Oct 16, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2023-29240: F5 BIG-IQ vulnerability analysis and mitigation