CVE-2023-41373
📋 TL;DR
This CVE describes a directory traversal vulnerability in the BIG-IP Configuration Utility that allows authenticated attackers to execute arbitrary commands on the BIG-IP system. In Appliance mode, successful exploitation can allow attackers to cross security boundaries. This affects F5 BIG-IP systems with vulnerable versions of the Configuration Utility.
💻 Affected Systems
- F5 BIG-IP
📦 What is this software?
BIG-IP Advanced Web Application Firewall by F5
BIG-IP Application Acceleration Manager by F5
BIG-IP Application Security Manager by F5
BIG-IP Application Visibility And Reporting by F5
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root-level command execution, allowing attackers to steal sensitive data, deploy ransomware, pivot to other network segments, and maintain persistent access.
Likely Case
Authenticated attackers gaining command execution capabilities to exfiltrate configuration data, modify network settings, or deploy backdoors for future access.
If Mitigated
Limited impact due to network segmentation, strong authentication controls, and monitoring that detects and blocks exploitation attempts.
🎯 Exploit Status
Exploitation requires authenticated access, but going from directory traversal to command execution is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to F5 advisory K000135689 for specific fixed versions
Vendor Advisory: https://my.f5.com/manage/s/article/K000135689
Restart Required: Yes
Instructions:
1. Review F5 advisory K000135689 for affected versions.
2. Upgrade to fixed versions per F5's guidance.
3. Apply patches during maintenance windows.
4. Restart BIG-IP services as required.
5. Verify the fix using version checks.
🔧 Temporary Workarounds
Restrict Configuration Utility Access
Limit access to the BIG-IP Configuration Utility to only trusted administrative networks and users.
Configure network ACLs to restrict access to BIG-IP management interfaces
Implement strong authentication and MFA for all administrative accounts
Network Segmentation
Isolate BIG-IP management interfaces from general network traffic.
Implement VLAN segmentation for management networks
Configure firewall rules to restrict management traffic
🧯 If You Can't Patch
- Implement strict network access controls to limit BIG-IP Configuration Utility access to only necessary administrative IPs
- Enable detailed logging and monitoring for Configuration Utility access and file system operations
🔍 How to Verify
Check if Vulnerable:
Check your BIG-IP version against the affected versions listed in F5 advisory K000135689
Check Version:
tmsh show sys version
Verify Fix Applied:
Verify BIG-IP version is updated to a fixed version listed in the F5 advisory
📡 Detection & Monitoring
Log Indicators:
- Unusual file path access patterns in Configuration Utility logs
- Unexpected command execution events
- Authentication attempts followed by directory traversal patterns
Network Indicators:
- Unusual traffic to BIG-IP management interfaces from unexpected sources
- Patterns of directory traversal attempts in HTTP requests
SIEM Query:
source="bigip_logs" AND ("directory traversal" OR "path traversal" OR "../")
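A literal `"../"` search misses percent-encoded requests, so the sketch below (an added example, not F5's or this page's own tooling) decodes each URI repeatedly before looking for a `..` path segment and records whether the request carried an authenticated user. The combined-log layout, the `/example/` paths and the sample lines are constructed assumptions; adapt `LINE_RE` to the log format your management interface actually emits.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a generic combined-log layout. The format and the
# /example/ paths are assumptions, not real Configuration Utility output.
SAMPLE_LOG = """\
10.0.5.12 - admin [10/Oct/2023:13:55:36 +0000] "GET /example/ui/login.jsp HTTP/1.1" 200 5120
192.0.2.44 - operator1 [10/Oct/2023:14:01:17 +0000] "GET /example/app/../../../etc/placeholder HTTP/1.1" 200 312
192.0.2.44 - operator1 [10/Oct/2023:14:01:19 +0000] "POST /example/app/%2e%2e%2f%2e%2e%2fplaceholder HTTP/1.1" 404 0
192.0.2.44 - - [10/Oct/2023:14:01:25 +0000] "GET /example/app/%252e%252e%252fplaceholder HTTP/1.1" 403 0
10.0.5.12 - admin [10/Oct/2023:14:03:40 +0000] "GET /example/docs/v1..2/notes.txt HTTP/1.1" 200 77
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." only counts when it is a whole path segment or starts a parameter value.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')


def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def find_traversal(log_text):
    """Return one record per request whose decoded URI contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and TRAVERSAL_RE.search(fully_decode(m["uri"])):
            hits.append({
                "src": m["src"], "user": m["user"], "uri": m["uri"],
                "status": int(m["status"]),
                # The page notes exploitation needs an authenticated session.
                "authenticated": m["user"] != "-",
            })
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Hits from an authenticated user that returned a 200 status are the ones to triage first; the `v1..2` line shows that dots inside a filename are not flagged.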