Use of Externally-Controlled Format String

CVE-2023-22374

High

8.5/10

Summary

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-134 - Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

Advisory Timeline

Published Feb 01, 2023

Use of Externally-Controlled Format String

CVE-2023-22374

Summary

CWE-134 - Use of Externally-Controlled Format String

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS