CVE-2023-23555 - Vulnerability Details

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Ddos Hybrid Defender Big-ip Domain Name System Big-ip Fraud Protection Service Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Policy Enforcement Manager Big-ip Service Proxy Big-ip Ssl Orchestrator

Link	Providers
https://my.f5.com/manage/s/article/K24572686

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23555", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2023-01-13T06:43:46.147Z", "datePublished": "2023-02-01T17:57:02.731Z", "dateUpdated": "2025-03-26T15:59:59.546Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["All modules"], "product": "BIG-IP", "vendor": "F5", "versions": [{"lessThan": "15.1.8", "status": "affected", "version": "15.1.4", "versionType": "semver"}, {"lessThan": "14.1.5.3", "status": "affected", "version": "14.1.5", "versionType": "semver"}]}, {"defaultStatus": "unknown", "product": "BIG-IP SPK", "vendor": "F5", "versions": [{"lessThan": "1.6.0", "status": "affected", "version": "1.5.0", "versionType": "semver"}]}], "datePublic": "2023-02-01T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.<br>"}], "value": "On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2023-02-01T17:57:02.731Z"}, "references": [{"url": "https://my.f5.com/manage/s/article/K24572686"}], "source": {"discovery": "INTERNAL"}, "title": "BIG-IP Virtual Edition vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.615Z"}, "title": "CVE Program Container", "references": [{"url": "https://my.f5.com/manage/s/article/K24572686", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T15:56:12.818627Z", "id": "CVE-2023-23555", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T15:59:59.546Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-23555 (string)

assignerOrgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

state : PUBLISHED (string)

assignerShortName : f5 (string)

dateReserved : 2023-01-13T06:43:46.147Z (string)

datePublished : 2023-02-01T17:57:02.731Z (string)

dateUpdated : 2025-03-26T15:59:59.546Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unknown (string)

modules : [ »

0 : All modules (string)

]

product : BIG-IP (string)

vendor : F5 (string)

versions : [ »

0 : { »

lessThan : 15.1.8 (string)

status : affected (string)

version : 15.1.4 (string)

versionType : semver (string)

}

1 : { »

lessThan : 14.1.5.3 (string)

status : affected (string)

version : 14.1.5 (string)

versionType : semver (string)

}

]

}

1 : { »

defaultStatus : unknown (string)

product : BIG-IP SPK (string)

vendor : F5 (string)

versions : [ »

0 : { »

lessThan : 1.6.0 (string)

status : affected (string)

version : 1.5.0 (string)

versionType : semver (string)

}

]

}

]

datePublic : 2023-02-01T15:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.<br> (string)

}

]

value : On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-665 (string)

description : CWE-665 Improper Initialization (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

shortName : f5 (string)

dateUpdated : 2023-02-01T17:57:02.731Z (string)

}

references : [ »

0 : { »

url : https://my.f5.com/manage/s/article/K24572686 (string)

}

]

source : { »

discovery : INTERNAL (string)

}

title : BIG-IP Virtual Edition vulnerability (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T10:35:33.615Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://my.f5.com/manage/s/article/K24572686 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-26T15:56:12.818627Z (string)

id : CVE-2023-23555 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-26T15:59:59.546Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://my.f5.com/manage/s/article/K24572686", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.615Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-23555", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-26T15:56:12.818627Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T15:56:18.192Z"}}], "cna": {"title": "BIG-IP Virtual Edition vulnerability", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "modules": ["All modules"], "product": "BIG-IP", "versions": [{"status": "affected", "version": "15.1.4", "lessThan": "15.1.8", "versionType": "semver"}, {"status": "affected", "version": "14.1.5", "lessThan": "14.1.5.3", "versionType": "semver"}], "defaultStatus": "unknown"}, {"vendor": "F5", "product": "BIG-IP SPK", "versions": [{"status": "affected", "version": "1.5.0", "lessThan": "1.6.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "datePublic": "2023-02-01T15:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K24572686"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n", "supportingMedia": [{"type": "text/html", "value": "On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-665", "description": "CWE-665 Improper Initialization"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2023-02-01T17:57:02.731Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23555", "state": "PUBLISHED", "dateUpdated": "2025-03-26T15:59:59.546Z", "dateReserved": "2023-01-13T06:43:46.147Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2023-02-01T17:57:02.731Z", "assignerShortName": "f5"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://my.f5.com/manage/s/article/K24572686 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T10:35:33.615Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-23555 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-26T15:56:12.818627Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-26T15:56:18.192Z (string)

}

]

cna : { »

title : BIG-IP Virtual Edition vulnerability (string)

source : { »

discovery : INTERNAL (string)

}

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 7.5 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : F5 (string)

modules : [ »

0 : All modules (string)

]

product : BIG-IP (string)

versions : [ »

0 : { »

status : affected (string)

version : 15.1.4 (string)

lessThan : 15.1.8 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 14.1.5 (string)

lessThan : 14.1.5.3 (string)

versionType : semver (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

vendor : F5 (string)

product : BIG-IP SPK (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.5.0 (string)

lessThan : 1.6.0 (string)

versionType : semver (string)

}

]

defaultStatus : unknown (string)

}

]

datePublic : 2023-02-01T15:00:00.000Z (string)

references : [ »

0 : { »

url : https://my.f5.com/manage/s/article/K24572686 (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.<br> (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-665 (string)

description : CWE-665 Improper Initialization (string)

}

]

}

]

providerMetadata : { »

orgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

shortName : f5 (string)

dateUpdated : 2023-02-01T17:57:02.731Z (string)

}

cveMetadata : { »

cveId : CVE-2023-23555 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-26T15:59:59.546Z (string)

dateReserved : 2023-01-13T06:43:46.147Z (string)

assignerOrgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

datePublished : 2023-02-01T17:57:02.731Z (string)

assignerShortName : f5 (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "39A7468F-D055-4BE9-A38E-345097F5F766", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3FFD055-5630-4E5A-9794-98C3992F3A46", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "32967914-8929-4C9B-BE94-02F7417C51D4", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8B99C34-C4CF-4C21-B0FC-6FD8BE0EEFDA", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "73403719-B052-43C5-BBDB-60E161D667A6", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A85708A-AA27-47F3-833C-68CFB607CCBD", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "05600DF3-0597-431E-8493-B3AD24E277D3", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E96651D4-25AA-477E-A1BB-10C3EB145100", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBDDC238-2CE8-4403-85CF-57A6B6B10D6A", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF4944D4-FBAC-4933-B88F-0E2D7D720BEC", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "56574410-3F67-4395-BB07-A3F695C668AA", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D47624E-5356-4BB0-81D9-563AEADCC555", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "33DFB1CD-CF27-4AA1-A987-D6ADA4302876", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "91F7E6BE-5CCB-4C4B-AD2E-5104CD435E57", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2A5EC1B-A8D3-48FF-92C0-94DEB30FB926", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFC7975E-FE61-4A03-8509-363D96A7F2F5", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "5056FEA7-7580-4695-A596-AE586B8109A0", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "2616EBC0-8799-455D-A15C-C6695ADE1FE1", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8381532-304A-4AB0-9238-A9576E0A02DA", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A72311A-5FFD-45EE-A695-05C194811200", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD837287-803C-4DB2-99E5-3FA25A0EC0D1", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1667386-FCA0-4BB5-B9EE-681C47094686", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "96D3993F-0F0F-4526-B239-4A969F72B49C", "versionEndExcluding": "14.1.5.3", "versionStartIncluding": "14.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "90EA2614-5E26-4137-B045-C3B941D8B1E4", "versionEndExcluding": "15.1.8", "versionStartIncluding": "15.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_service_proxy:*:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "98A20252-4A37-4A47-B288-7C51D7C21989", "versionEndExcluding": "1.6.0", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n"}], "id": "CVE-2023-23555", "lastModified": "2024-11-21T07:46:24.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "f5sirt@f5.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-01T18:15:11.973", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K24572686"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K24572686"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "f5sirt@f5.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 39A7468F-D055-4BE9-A38E-345097F5F766 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F3FFD055-5630-4E5A-9794-98C3992F3A46 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 32967914-8929-4C9B-BE94-02F7417C51D4 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C8B99C34-C4CF-4C21-B0FC-6FD8BE0EEFDA (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 73403719-B052-43C5-BBDB-60E161D667A6 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A85708A-AA27-47F3-833C-68CFB607CCBD (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 05600DF3-0597-431E-8493-B3AD24E277D3 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E96651D4-25AA-477E-A1BB-10C3EB145100 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BBDDC238-2CE8-4403-85CF-57A6B6B10D6A (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FF4944D4-FBAC-4933-B88F-0E2D7D720BEC (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 56574410-3F67-4395-BB07-A3F695C668AA (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5D47624E-5356-4BB0-81D9-563AEADCC555 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 33DFB1CD-CF27-4AA1-A987-D6ADA4302876 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 91F7E6BE-5CCB-4C4B-AD2E-5104CD435E57 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E2A5EC1B-A8D3-48FF-92C0-94DEB30FB926 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EFC7975E-FE61-4A03-8509-363D96A7F2F5 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5056FEA7-7580-4695-A596-AE586B8109A0 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2616EBC0-8799-455D-A15C-C6695ADE1FE1 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B8381532-304A-4AB0-9238-A9576E0A02DA (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4A72311A-5FFD-45EE-A695-05C194811200 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DD837287-803C-4DB2-99E5-3FA25A0EC0D1 (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D1667386-FCA0-4BB5-B9EE-681C47094686 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 96D3993F-0F0F-4526-B239-4A969F72B49C (string)

versionEndExcluding : 14.1.5.3 (string)

versionStartIncluding : 14.1.5 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 90EA2614-5E26-4137-B045-C3B941D8B1E4 (string)

versionEndExcluding : 15.1.8 (string)

versionStartIncluding : 15.1.4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_service_proxy:*:*:*:*:*:kubernetes:*:* (string)

matchCriteriaId : 98A20252-4A37-4A47-B288-7C51D7C21989 (string)

versionEndExcluding : 1.6.0 (string)

versionStartIncluding : 1.5.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (string)

}

]

id : CVE-2023-23555 (string)

lastModified : 2024-11-21T07:46:24.737 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : f5sirt@f5.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-02-01T18:15:11.973 (string)

references : [ »

0 : { »

source : f5sirt@f5.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://my.f5.com/manage/s/article/K24572686 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://my.f5.com/manage/s/article/K24572686 (string)

}

]

sourceIdentifier : f5sirt@f5.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-665 (string)

}

]

source : f5sirt@f5.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-665 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object