PT-2023-6486 · F5 · F5 Big-Ip Link Controller +11

Published 2023-10-25 · Updated 2025-12-05 · CVE-2023-46747

CVSS v2.0: 10.0 (vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 13.1.5 through 17.1.0
Description: F5 BIG-IP devices are affected by a critical vulnerability that allows an unauthenticated attacker with network access to the system through the management port and/or self IP addresses to execute arbitrary system commands. The flaw is in the Configuration utility (TMUI): its Apache front end forwards requests to a Tomcat back end over the Apache JServ Protocol (AJP), and a crafted HTTP request lets the attacker smuggle an AJP request whose attributes, including the remote user, the back end trusts as if Apache had already authenticated it. Authentication is thereby bypassed and the attacker reaches functions that run system commands. The "SQL injection" weakness listed below reflects exploitation chains observed in the wild that pair this bypass with an authenticated SQL injection in the same utility (tracked separately as CVE-2023-46748). The vulnerability is actively exploited, with reports of initial access brokers leveraging it and of follow-on malware, including ransomware. Exploitation has been observed creating new administrative users with full permissions, which also makes unexpected admin accounts a useful post-compromise indicator. CVSS v3.1 base score: 9.8 (the v2.0 score above is 10.0).
Recommendations: Apply the applicable engineering hotfix for all affected versions. Do not expose the BIG-IP management interface or the Configuration utility to the internet: keep the management port on a dedicated management network and restrict sys httpd allow to trusted source addresses. Set Port Lockdown on self IPs to Allow None, or to an explicit list that excludes TCP 443, so the Configuration utility cannot be reached through self IP addresses. If the hotfix cannot be applied immediately, consider temporarily disabling the Configuration utility until it is. After patching, audit local user accounts for unexpected administrators and review /var/log/audit for account creation, since this vulnerability has been used to add admin users.
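The exposure checks from the recommendations and the post-exploitation indicator from the description (a newly created administrative user) can be scripted against data pulled from the device. The following is an added example, not code from F5 or from this advisory. It runs offline on JSON in the shape of iControl REST responses (GET /mgmt/tm/sys/httpd, /mgmt/tm/net/self, /mgmt/tm/auth/user) and on lines from /var/log/audit; the field names (allow, allowService, partitionAccess, role, shell) and the audit line layout are assumptions based on tmsh attribute names, and all sample data is constructed for the demo.

```python
"""Exposure and post-exploitation checks for CVE-2023-46747 on BIG-IP.

Added example, not code from F5 or from this advisory. Field names and the
audit log layout are assumptions modelled on tmsh attribute names; the
sample data below is constructed, not captured from a real device.
"""
import re

# ---- Constructed sample data ----
SAMPLE_HTTPD = {"allow": ["All"]}            # tmsh: sys httpd allow { All }
SAMPLE_SELF_IPS = [
    {"name": "mgmt-side", "address": "10.10.1.5/24", "allowService": ["tcp:22", "tcp:443"]},
    {"name": "external", "address": "203.0.113.10/24", "allowService": ["default"]},
    {"name": "internal", "address": "10.20.1.5/24", "allowService": ["none"]},
]
SAMPLE_USERS = [
    {"name": "admin", "partitionAccess": [{"name": "all-partitions", "role": "admin"}], "shell": "tmsh"},
    {"name": "svc_backup", "partitionAccess": [{"name": "all-partitions", "role": "operator"}], "shell": "none"},
    {"name": "sysadm2", "partitionAccess": [{"name": "all-partitions", "role": "admin"}], "shell": "bash"},
]
EXPECTED_ADMINS = {"admin"}   # the admin-role accounts you actually provisioned

SAMPLE_AUDIT = """\
Oct 26 10:15:22 bigip1 notice tmsh[12345]: 01420002:5: AUDIT - pid=12345 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=create auth user sysadm2 password ******** shell bash partition-access add { all-partitions { role admin } }
Oct 26 10:15:40 bigip1 notice tmsh[12346]: 01420002:5: AUDIT - pid=12346 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=list sys version
Oct 26 10:16:03 bigip1 notice tmsh[12347]: 01420002:5: AUDIT - pid=12347 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=create auth user reportviewer password ******** partition-access add { all-partitions { role guest } }
"""

# ---- Exposure: can the Configuration utility be reached at all? ----

def httpd_exposed(httpd):
    """True if sys httpd accepts connections from any source address ("All")."""
    return any(str(a).lower() == "all" for a in httpd.get("allow", []))

# Port Lockdown values that let a self IP reach TMUI on TCP 443.
TMUI_OPEN = {"all", "default", "tcp:443", "tcp:https"}

def exposed_self_ips(self_ips):
    """Names of self IPs whose Port Lockdown setting permits the Configuration utility."""
    hits = []
    for s in self_ips:
        services = s.get("allowService", [])
        if isinstance(services, str):          # tolerate a bare "none" / "all"
            services = [services]
        if any(v.lower() in TMUI_OPEN for v in services):
            hits.append(s["name"])
    return hits

# ---- Post-exploitation indicator: new administrative users ----

def unexpected_admins(users, expected):
    """Admin-role accounts that are not in the provisioned set."""
    return sorted(
        u["name"] for u in users
        if u["name"] not in expected
        and any(p.get("role") == "admin" for p in u.get("partitionAccess", []))
    )

CREATE_USER = re.compile(r"cmd_data=create auth user (?P<name>\S+)(?P<rest>.*)$")

def suspicious_user_creations(audit_text):
    """(name, role, shell) for audit entries that create an admin or bash-capable user."""
    hits = []
    for line in audit_text.splitlines():
        m = CREATE_USER.search(line)
        if not m:
            continue
        rest = m.group("rest")
        role = re.search(r"\brole (\w+)", rest)
        shell = re.search(r"\bshell (\w+)", rest)
        role = role.group(1) if role else "no-access"
        shell = shell.group(1) if shell else "none"
        if role == "admin" or shell == "bash":
            hits.append((m.group("name"), role, shell))
    return hits

def findings(httpd, self_ips, users, expected, audit_text):
    """Run every check and return one report dict."""
    return {
        "httpd_open_to_all": httpd_exposed(httpd),
        "self_ips_reaching_tmui": exposed_self_ips(self_ips),
        "unexpected_admins": unexpected_admins(users, expected),
        "admin_user_creations": suspicious_user_creations(audit_text),
    }

if __name__ == "__main__":
    report = findings(SAMPLE_HTTPD, SAMPLE_SELF_IPS, SAMPLE_USERS, EXPECTED_ADMINS, SAMPLE_AUDIT)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a real device the same JSON comes from `curl -sku admin https://<bigip>/mgmt/tm/sys/httpd`, `/mgmt/tm/net/self` and `/mgmt/tm/auth/user` (the list is under the `items` key), and the audit lines from `/var/log/audit`. A self IP with only `tcp:443` in its allow list still counts as exposure, because that port is the Configuration utility; "default" includes it as well. The account check is deliberately conservative: an admin-role user you did not provision, or any newly created user given a bash shell, deserves investigation regardless of what the audit trail says about who created it.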

Exploit · Fix · RCE

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel
Missing Authentication
SQL injection

Related Identifiers

BDU:2023-07232
BDU:2023-07400
CVE-2023-46747

Affected Products

F5 Big-Ip
F5 Big-Ip Access Policy Manager
F5 Big-Ip Advanced Firewall Manager
F5 Big-Ip Analytics
F5 Big-Ip Application Acceleration Manager
F5 Big-Ip Application Security Manager
F5 Big-Ip Domain Name System
F5 Big-Ip Fraud Protection Service
F5 Big-Ip Hybrid Defender
F5 Big-Ip Link Controller
F5 Big-Ip Local Traffic Manager
F5 Big-Ip Policy Enforcement Manager