E23-ggxy1
CVSS:
9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
False Positive:
t
Variants:
7
Year:
2023
Description
This strike exploits a format string vulnerability in the iControl SOAP endpoints of F5 BIG-IP and BIG-IQ.
The vulnerability is due to improper handling of requests sent to the web interface. A remote Authenticated attacker can exploit the vulnerability by sending crafted requests to the target server. Successful exploitation could result in remote code execution within the service of the target server.