Vulnerabilities > F5 > BIG IP Domain Name System > 17.1.0.2

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2023-46747 Missing Authentication for Critical Function vulnerability in F5 products
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-306
critical
 9.8
9.8
2023-10-26 CVE-2023-46748 SQL Injection vulnerability in F5 products
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-89
8.8
8.8
2023-10-10 CVE-2023-41373 Path Traversal vulnerability in F5 products
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system.
network
low complexity
f5 CWE-22
critical
 9.9
9.9