CVE-2023-46747

critical

Description

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

From the Tenable Blog

CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP

Published: 2023-10-27

A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. Organizations are encouraged to apply patches as soon as possible.

References

Details

Source: Mitre, NVD

Published: 2023-10-26

Updated: 2025-04-02

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.94441