{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>F5 BIG-IP (tous modules) versions 17.0.0.x ant\u00e9rieures \u00e0 17.0.0.2</li> <li>F5 BIG-IP (tous modules) versions 16.1.x ant\u00e9rieures \u00e0\u00a016.1.3.3</li> <li>F5 BIG-IP (tous modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.8.1</li> <li>F5 BIG-IP (tous modules) versions 14.1.x ant\u00e9rieures \u00e0\u00a014.1.5.3</li> <li>BIG-IP APM Clients\u00a0versions 7.2.x ant\u00e9rieures \u00e0\u00a07.2.31</li> <li>BIG-IP SPK version 1.6.0</li> </ul> <p>F5 indique ne pas avoir publi\u00e9 de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2023-22374. Toutefois des mesures de contournement ainsi qu'un correctif temporaire sont disponibles. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant authentifi\u00e9 d'effectuer un d\u00e9ni de service et possiblement d'ex\u00e9cuter du code arbitraire \u00e0 distance.</p> <p>Des d\u00e9tails concernant cette vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 publi\u00e9s en source ouverte. Le CERT-FR anticipe donc que des preuves de concept seront rapidement disponibles publiquement, au moins en ce qui concerne le d\u00e9ni de service.</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-22418","url":"https://www.cve.org/CVERecord?id=CVE-2023-22418"},{"name":"CVE-2023-22657","url":"https://www.cve.org/CVERecord?id=CVE-2023-22657"},{"name":"CVE-2023-22664","url":"https://www.cve.org/CVERecord?id=CVE-2023-22664"},{"name":"CVE-2023-22340","url":"https://www.cve.org/CVERecord?id=CVE-2023-22340"},{"name":"CVE-2023-22358","url":"https://www.cve.org/CVERecord?id=CVE-2023-22358"},{"name":"CVE-2023-22341","url":"https://www.cve.org/CVERecord?id=CVE-2023-22341"},{"name":"CVE-2023-22422","url":"https://www.cve.org/CVERecord?id=CVE-2023-22422"},{"name":"CVE-2023-22281","url":"https://www.cve.org/CVERecord?id=CVE-2023-22281"},{"name":"CVE-2023-22302","url":"https://www.cve.org/CVERecord?id=CVE-2023-22302"},{"name":"CVE-2023-23555","url":"https://www.cve.org/CVERecord?id=CVE-2023-23555"},{"name":"CVE-2023-22326","url":"https://www.cve.org/CVERecord?id=CVE-2023-22326"},{"name":"CVE-2023-23552","url":"https://www.cve.org/CVERecord?id=CVE-2023-23552"},{"name":"CVE-2023-22323","url":"https://www.cve.org/CVERecord?id=CVE-2023-22323"},{"name":"CVE-2023-22842","url":"https://www.cve.org/CVERecord?id=CVE-2023-22842"},{"name":"CVE-2023-22839","url":"https://www.cve.org/CVERecord?id=CVE-2023-22839"},{"name":"CVE-2023-22374","url":"https://www.cve.org/CVERecord?id=CVE-2023-22374"},{"name":"CVE-2023-22283","url":"https://www.cve.org/CVERecord?id=CVE-2023-22283"}],"links":[],"reference":"CERTFR-2023-AVI-0088","revisions":[{"description":"Version initiale","revision_date":"2023-02-02T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 F5 K000130496 du 01 f\u00e9vrier 2023","url":"https://my.f5.com/manage/s/article/K000130496"}]}