CVE-2023-29240

medium

CVSS v3 Base Score

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EPSS Score

0.1%

Exploitation probability in 30 days

Top 65% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

None

Integrity

Low

Availability

Low

Published: May 3, 2023 (1106 days ago)

Last Modified: January 27, 2026

Vendor: F5

Description

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE

CWE-863

Affected Products

f5 big-iq centralized management

References

🔗 my.f5.com 🔗 my.f5.com

CVE-2023-29240

Vulnerability Report

Description

CWE

Affected Products

References