PT-2023-6486 · F5 · F5 Big-Ip Local Traffic Manager +11

Published 2023-10-25 · Updated 2025-11-18 · CVE-2023-46747

CVSS v3.1 9.8 (Critical)
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions F5 BIG-IP 13.1.x through 17.1.0, across the release branches 13.1.0 to 13.1.5, 14.1.0 to 14.1.5, 15.1.0 to 15.1.10, 16.1.0 to 16.1.4 and 17.1.0. Each branch has its own fixed build, so compare against the fixed build for your branch rather than treating the range as a single linear version interval.
Description F5 BIG-IP is affected by a critical authentication bypass in the Configuration utility (TMUI). Undisclosed requests that exploit HTTP request smuggling between the Apache httpd front end and the Tomcat back end of the Configuration utility bypass its authentication and allow an unauthenticated attacker with network access to the management port and/or self IP addresses to execute arbitrary system commands, create or delete files and disable services. This is a control-plane issue; the data plane is not exposed. F5 confirmed active exploitation within days of disclosure and CISA added the CVE to its Known Exploited Vulnerabilities catalog; initial access brokers have been reported using it, and attackers have been observed rapidly rotating source IP addresses between exploitation attempts. It is commonly chained with CVE-2023-46748, an authenticated SQL injection in the same Configuration utility, and ransomware deployment has been reported as a follow-on outcome. The CVSS v3.1 base score is 9.8 (critical).
Recommendations Upgrade to the fixed point release for your branch and apply the engineering hotfix F5 lists alongside it, or move to a later release that already contains the fix. Until then, keep the Configuration utility off untrusted networks: allow the management port only from a dedicated management network, and set the port lockdown of every self IP to Allow None (or an explicit service list that excludes tcp/443) so the utility is not reachable over data-plane interfaces. F5 also published a mitigation script for 14.1.0 and later that blocks the vulnerable request path; use it, or temporarily disable the Configuration utility, where the interface cannot be isolated. Because the vulnerability was exploited before most devices were patched, check for indicators of compromise (unexpected administrative accounts, unexplained configuration changes, suspicious entries in the tmsh audit log) rather than assuming that patching alone is sufficient.
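To make the self IP part of that recommendation checkable, the following Python script (an example written for this page, not F5 tooling) parses `tmsh list net self` output and flags every self IP whose port lockdown setting still lets traffic reach TCP 443, the port on which the Configuration utility and iControl REST listen. The sample tmsh output is constructed; the facts it relies on are that the Allow Default set includes tcp:443 and that `tmsh modify net self <name> allow-service none` sets a self IP to Allow None.

```python
"""Audit BIG-IP self IP port lockdown for Configuration utility exposure (example written
for this page, not F5 tooling): parse `tmsh list net self` output and report every self IP
from which TCP 443, the Configuration utility / iControl REST port, is reachable."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of `tmsh list net self` output; not from a real device.
SAMPLE_TMSH = """\
net self external-self {
    address 203.0.113.5/24
    allow-service {
        default
    }
    vlan external
}
net self internal-self {
    address 10.1.20.5/24
    allow-service none
    vlan internal
}
net self ha-self {
    address 192.168.1.5/24
    allow-service all
    vlan ha
}
net self dns-self {
    address 10.1.30.5/24
    allow-service {
        tcp:443
        udp:53
    }
    vlan dns
}
"""

CONFIG_UTILITY_PORT = "tcp:443"  # httpd serving the Configuration utility and iControl REST


@dataclass
class SelfIP:
    name: str
    address: str
    vlan: str
    allow_service: str | set[str]  # "none", "all", or the explicit service list


def parse_self_ips(text: str) -> list[SelfIP]:
    """Parse the `net self` blocks of tmsh output into SelfIP records."""
    block_re = re.compile(r"^net self (\S+) \{\n(.*?)^\}", re.M | re.S)
    list_re = re.compile(r"^\s+allow-service \{\n(.*?)^\s+\}", re.M | re.S)
    scalar_re = re.compile(r"^\s+allow-service (none|all)\s*$", re.M)
    selfs: list[SelfIP] = []
    for m in block_re.finditer(text):
        name, body = m.group(1), m.group(2)
        address = re.search(r"^\s+address (\S+)", body, re.M)
        vlan = re.search(r"^\s+vlan (\S+)", body, re.M)
        scalar, lst = scalar_re.search(body), list_re.search(body)
        if scalar:
            allow: str | set[str] = scalar.group(1)
        elif lst:
            allow = set(lst.group(1).split())
        else:
            allow = "none"  # no allow-service line: treat as locked down
        selfs.append(SelfIP(name, address.group(1) if address else "?",
                            vlan.group(1) if vlan else "?", allow))
    return selfs


def exposure_reason(s: SelfIP) -> str | None:
    """Why this self IP can reach the Configuration utility, or None if it cannot."""
    if s.allow_service == "all":
        return "allow-service all"
    if s.allow_service == "none":
        return None
    if "default" in s.allow_service:
        # F5's Allow Default set includes tcp:443 next to ssh, snmp, dns and HA ports.
        return "allow-service default (Allow Default includes tcp:443)"
    if CONFIG_UTILITY_PORT in s.allow_service:
        return f"allow-service list includes {CONFIG_UTILITY_PORT}"
    return None


def audit(text: str) -> dict[str, str]:
    """Map each exposing self IP name to the reason it exposes the Configuration utility."""
    return {s.name: r for s in parse_self_ips(text) if (r := exposure_reason(s))}


def remediation(name: str) -> str:
    """tmsh command that sets the self IP's port lockdown to Allow None."""
    return f"tmsh modify net self {name} allow-service none"


if __name__ == "__main__":
    findings = audit(SAMPLE_TMSH)
    for s in parse_self_ips(SAMPLE_TMSH):
        print(f"{s.name:<15} {s.address:<18} vlan={s.vlan:<9} {findings.get(s.name, 'ok')}")
        if s.name in findings:
            print(f"    fix: {remediation(s.name)}")
```

Run it against real output by piping `tmsh list net self` into a file and passing that text to `audit()`. The script covers only self IPs; the management port is a separate interface whose reachability must be restricted at the network level (or with a management-port ACL), and a self IP that legitimately needs tcp/443 for HA or iControl REST should be narrowed to trusted peers with a firewall rule rather than left on Allow Default.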

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Missing Authentication for Critical Function (CWE-306)

Related Identifiers

BDU:2023-07232
BDU:2023-07400
CVE-2023-46747

Affected Products

F5 Big-Ip
F5 Big-Ip Access Policy Manager
F5 Big-Ip Advanced Firewall Manager
F5 Big-Ip Analytics
F5 Big-Ip Application Acceleration Manager
F5 Big-Ip Application Security Manager
F5 Big-Ip Domain Name System
F5 Big-Ip Fraud Protection Service
F5 Big-Ip Hybrid Defender
F5 Big-Ip Link Controller
F5 Big-Ip Local Traffic Manager
F5 Big-Ip Policy Enforcement Manager