When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 19 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2024-09-19T13:36:25.727Z

Reserved: 2023-10-05T19:17:25.744Z

Link: CVE-2023-42768

cve-icon Vulnrichment

Updated: 2024-08-02T19:30:24.134Z

cve-icon NVD

Status : Modified

Published: 2023-10-10T13:15:21.507

Modified: 2024-11-21T08:23:07.307

Link: CVE-2023-42768

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.