The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2023-41373

CVE-2023-41373: F5 BIG-IP APM Path Traversal Flaw

CVE-2023-41373 is a path traversal vulnerability in F5 BIG-IP Access Policy Manager that allows authenticated attackers to execute commands and cross security boundaries in Appliance mode. This article covers technical details, affected versions, impact assessment, and mitigation strategies.

Published: February 4, 2026

CVE-2023-41373 Overview

A directory traversal vulnerability exists in the F5 BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. This vulnerability is particularly severe for BIG-IP systems running in Appliance mode, where a successful exploit can allow the attacker to cross a security boundary. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).

Critical Impact

Authenticated attackers can leverage directory traversal to execute arbitrary commands on vulnerable BIG-IP systems, with the potential to cross security boundaries in Appliance mode deployments.

Affected Products

  • F5 BIG-IP Access Policy Manager
  • F5 BIG-IP Advanced Firewall Manager
  • F5 BIG-IP Application Security Manager
  • F5 BIG-IP Domain Name System
  • F5 BIG-IP Local Traffic Manager
  • F5 BIG-IP Advanced Web Application Firewall
  • F5 BIG-IP Analytics
  • F5 BIG-IP Application Acceleration Manager
  • F5 BIG-IP Application Visibility and Reporting
  • F5 BIG-IP Carrier-Grade NAT
  • F5 BIG-IP DDoS Hybrid Defender
  • F5 BIG-IP Fraud Protection Service
  • F5 BIG-IP Global Traffic Manager
  • F5 BIG-IP Link Controller
  • F5 BIG-IP Policy Enforcement Manager
  • F5 BIG-IP SSL Orchestrator
  • F5 BIG-IP WebAccelerator
  • F5 BIG-IP WebSafe

Discovery Timeline

  • October 10, 2023 - CVE-2023-41373 published to NVD
  • November 21, 2024 - Last updated in NVD database

Technical Details for CVE-2023-41373

Vulnerability Analysis

This directory traversal vulnerability resides within the BIG-IP Configuration Utility, a web-based management interface used for administering F5 BIG-IP appliances. The vulnerability allows an authenticated attacker to manipulate file path inputs to access files and directories outside the intended restricted directory structure. By exploiting this flaw, an attacker can traverse the file system and ultimately execute commands on the underlying BIG-IP system.

The attack requires network access and low-privilege authentication credentials to the Configuration Utility. Once authenticated, the attacker can craft malicious requests containing path traversal sequences (such as ../) to escape the intended directory boundaries. The impact is particularly severe on systems running in Appliance mode, as successful exploitation can breach the security isolation boundaries that Appliance mode is designed to enforce.

Root Cause

The root cause of this vulnerability is improper input validation in the BIG-IP Configuration Utility. The application fails to adequately sanitize user-supplied path inputs before using them to access files on the system. This allows attackers to inject directory traversal sequences that navigate outside the intended directory structure, ultimately reaching sensitive system files and enabling command execution.

Attack Vector

The attack is executed over the network against the BIG-IP Configuration Utility web interface. An attacker must first obtain valid authentication credentials (even low-privileged ones) to access the Configuration Utility. Once authenticated, the attacker can submit specially crafted requests containing directory traversal sequences to access arbitrary files on the system.

The exploitation path typically involves manipulating file path parameters within the Configuration Utility's functionality, using sequences like ../ or URL-encoded equivalents (%2e%2e%2f) to traverse upward through the directory structure and reach sensitive system locations where command execution becomes possible.

Detection Methods for CVE-2023-41373

Indicators of Compromise

  • Unusual requests to the BIG-IP Configuration Utility containing path traversal sequences such as ../, ..%2f, or %2e%2e/
  • Authentication logs showing successful logins followed by suspicious file access patterns
  • Web server logs containing requests with abnormally long file paths or multiple parent directory references
  • Unexpected command execution or process spawning on the BIG-IP system following Configuration Utility access

Detection Strategies

  • Deploy web application firewall (WAF) rules to detect and block requests containing directory traversal patterns targeting the Configuration Utility
  • Implement log monitoring for HTTP requests containing path traversal signatures such as ../, encoded variants, and unusually long path strings
  • Enable detailed audit logging on BIG-IP systems to track file system access and command execution
  • Use SentinelOne Singularity to monitor for behavioral anomalies indicating post-exploitation activity

Monitoring Recommendations

  • Continuously monitor BIG-IP Configuration Utility access logs for suspicious request patterns
  • Alert on any authenticated sessions that attempt to access files outside expected directory boundaries
  • Establish baseline behavior for Configuration Utility usage and alert on deviations
  • Monitor for unexpected process creation or command execution on BIG-IP systems

How to Mitigate CVE-2023-41373

Immediate Actions Required

  • Apply the security patches provided by F5 as documented in their security advisory
  • Restrict network access to the BIG-IP Configuration Utility to trusted management networks only
  • Review and audit all accounts with access to the Configuration Utility, removing unnecessary privileges
  • Enable enhanced logging to detect any exploitation attempts

Patch Information

F5 has released security updates to address this vulnerability. Organizations should consult the F5 Technical Article K000135689 for specific version information and patching guidance. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated and may remain vulnerable.

Workarounds

  • Implement strict network segmentation to limit access to the BIG-IP Configuration Utility to authorized management networks only
  • Use firewall rules or access control lists to restrict which IP addresses can reach the Configuration Utility
  • Consider disabling the Configuration Utility entirely if not required for operations, using CLI-based management instead
  • Deploy additional monitoring and alerting for Configuration Utility access patterns while awaiting patch deployment
bash
# Restrict Configuration Utility access to management network
# Example: Modify httpd configuration to limit access
# Consult F5 documentation for proper implementation

# Check current BIG-IP version
tmsh show sys version

# Review security advisory for patch applicability
# https://my.f5.com/manage/s/article/K000135689

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypePath Traversal
  • Vendor/TechF5 Big Ip Access Policy Manager
  • SeverityCRITICAL
  • CVSS Score9.9
  • EPSS Probability2.64%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-22
  • Vendor Resources
  • F5 Technical Article K000135689
  • Related CVEs
  • CVE-2025-53868: F5 BIG-IP APM Auth Bypass Vulnerability
  • CVE-2025-23415: F5 BIG-IP APM Auth Bypass Vulnerability
  • CVE-2025-23239: F5 BIG-IP APM RCE Vulnerability
  • CVE-2023-46747: F5 BIG-IP APM Auth Bypass Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English