CVE-2008-1503

Name of the Vulnerable Software and Affected Versions F5 BIG-IP version 9.4.3

Description A cross-site scripting (XSS) issue exists in the web management interface, allowing remote attackers to inject arbitrary web script or HTML via the name of a node object, or the sysContact or sysLocation SNMP configuration fields. This issue might be related to cross-site request forgery (CSRF) vulnerabilities.

Recommendations For F5 BIG-IP version 9.4.3, consider disabling access to the web management interface until a fix is available, and restrict modifications to the node object, sysContact, and sysLocation SNMP configuration fields to minimize the risk of exploitation.