CVE-2023-46747

Description

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

From the Tenable Blog

CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP

Published: 2023-10-27

A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. Organizations are encouraged to apply patches as soon as possible.

References

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a

https://www.tenable.com/blog/cve-2024-21793-cve-2024-26026-proof-of-concept-available-for-f5-big-ip-next-central-manager

https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html

https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect

https://cloud.google.com/blog/topics/threat-intelligence/initial-access-brokers-exploit-f5-screenconnect

https://www.securityweek.com/attackers-exploiting-critical-f5-big-ip-vulnerability/

https://www.tenable.com/blog/cve-2023-46747-critical-authentication-bypass-vulnerability-in-f5-big-ip

https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/

https://my.f5.com/manage/s/article/K000137353

http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3