CVE-2023-23552

high-risk

Published 2023-02-01

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Do I need to act?

63.3% chance of exploitation in next 30 days

EPSS score — higher than 37% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Big-Ip Advanced Web Application Firewall

Big-Ip Application Security Manager

Affected Vendors

References (2)

Vendor Advisory https://my.f5.com/manage/s/article/K17542533

/ 100

high-risk

Severity 26/34 · High

Exploitability 19/34 · Moderate

Exposure 7/34 · Low