Detections
Analytics
CVE-2023-46747
critical
Description
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
From the Tenable Blog
CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
Published: 2023-10-27
A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. Organizations are encouraged to apply patches as soon as possible.
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect
https://www.securityweek.com/attackers-exploiting-critical-f5-big-ip-vulnerability/