Attacker Value
Moderate
CVE-2023-46748
CVE-2023-46748
(Last updated February 01, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Add Assessment
1
Technical Analysis
CISA KEV listed
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
8.8 High
Impact Score:
5.9
Exploitability Score:
2.8
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
Products
- big ip access policy manager
- big ip advanced firewall manager
- big ip advanced web application firewall
- big ip analytics
- big ip application acceleration manager
- big ip application security manager
- big ip application visibility and reporting
- big ip automation toolchain
- big ip carrier grade nat
- big ip container ingress services
- big ip ddos hybrid defender
- big ip domain name system
- big ip fraud protection services
- big ip global traffic manager
- big ip link controller
- big ip local traffic manager
- big ip policy enforcement manager
- big ip ssl orchestrator
- big ip webaccelerator
- big ip websafe
Exploited in the Wild
