PT-2023-6486 · F5 · F5 Big-Ip +11

Published 2023-10-25 · Updated 2025-10-22 · CVE-2023-46747

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 13.1.0 through 17.1.0

Description: F5 BIG-IP devices are affected by a critical vulnerability that allows unauthenticated attackers with network access to the management port or self IP addresses to execute arbitrary system commands. This is due to a flaw in the configuration utility that bypasses authentication checks. The vulnerability is actively exploited in the wild, with reports of initial access brokers leveraging it, and has been linked to ransomware campaigns. The vulnerability is related to request smuggling and the Apache JServ Protocol (AJP). The issue impacts all versions of BIG-IP and is limited to the control plane.

Recommendations: Apply the applicable engineering hotfix for all affected versions. Restrict internet access to the BIG-IP management interface. Consider temporarily disabling the vulnerable configuration utility until a patch can be applied.

Exploit

Fix

Weakness Enumeration

RCE
Missing Authentication
SQL injection
Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2023-07232
BDU:2023-07400
CVE-2023-46747

Affected Products

F5 Big-Ip
F5 Big-Ip Access Policy Manager
F5 Big-Ip Advanced Firewall Manager
F5 Big-Ip Analytics
F5 Big-Ip Application Acceleration Manager
F5 Big-Ip Application Security Manager
F5 Big-Ip Domain Name System
F5 Big-Ip Fraud Protection Service
F5 Big-Ip Hybrid Defender
F5 Big-Ip Link Controller
F5 Big-Ip Local Traffic Manager
F5 Big-Ip Policy Enforcement Manager