Severity
Medium
Analysis Summary
CVE-2023-43125 CVSS:6.8
F5 BIG-IP could allow a remote attacker from within the local network to bypass security restrictions. An attacker could exploit this vulnerability to send IP traffic outside of the VPN tunnel.
CVE-2023-43124 CVSS:5.3
F5 BIG-IP could allow a remote attacker from within the local network to obtain sensitive information. An attacker could exploit this vulnerability to send IP traffic outside of the VPN tunnel.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-43125
- CVE-2023-43124
Affected Vendors
F5
Affected Products
- F5 BIG-IP APM 13.0.0
- F5 BIG-IP APM 14.0.0
- F5 BIG-IP APM 15.0.0
- F5 BIG-IP APM 16.0.0
Remediation
Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.