CVE-2023-41373: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

CVE-2023-41373 is a directory traversal vulnerability discovered in the BIG-IP Configuration Utility. The vulnerability was disclosed on October 10, 2023, affecting multiple versions of F5's BIG-IP systems including versions 13.1.0-13.1.5, 14.1.0-14.1.5.6, 15.1.0-15.1.10.2, 16.1.0-16.1.4.1, and 17.1.0-17.1.0.3 (NVD).

The vulnerability exists due to improper validation of user-supplied paths prior to using them in file operations. It has been assigned a CVSS v3.1 base score of 9.9 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability (ZDI).

A successful exploitation of this vulnerability allows an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP systems running in Appliance mode, the vulnerability can enable an attacker to cross a security boundary, potentially leading to complete system compromise (NVD).

F5 has released security updates to address this vulnerability. Users are advised to upgrade to the patched versions: 14.1.5.6, 15.1.10.2, 16.1.4.1, or 17.1.0.3 (ZDI).