A critical vulnerability in the F5 BIG-IP configuration utility tracked as CVE-2023-46747, could result in unauthenticated remote code execution.
A critical vulnerability in the F5 BIG-IP configuration utility tracked as CVE-2023-46747, could result in unauthenticated remote code execution. The flaw has received a CVSS v3.1 score of 9.8, rating it critical, as it can be exploited without authentication in low-complexity attacks.
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and self-IP addresses to execute arbitrary system commands, F5 said in an advisory released Thursday.
The issue was discovered and reported by Praetorian Security researchers Thomas Hendrickson and Michael Weber on 4 October 2023.
CVE-2023-46747 does not impact the BIG-IP Next, BIG-IQ Centralized Management, F5 Distributed Cloud Services, F5OS, NGINX, and Traffix SDC products.
Unsupported product versions that have reached EoL (end of life) have not been evaluated against CVE-2023-46747, so they may or may not be vulnerable.
Due to the risks involved in using those versions, the recommendation is to upgrade to a supported version as soon as possible.
The following versions of BIG-IP are vulnerable:
17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG)
16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG)
15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG)
14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG)
13.1.0 - 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG)
As F5 BIG-IP devices are used by governments, Fortune 500 firms, banks, service providers, and major consumer brands, it is strongly advised to apply any available fixes or mitigations to prevent the exploitation of these devices.
Praetorian also recommends that users restrict access to the Traffic Management User Interface (TMUI) from the internet. It's worth noting that CVE-2023-46747 is the third unauthenticated remote code execution flaw uncovered in TMUI after CVE-2020-5902 and CVE-2022-1388.
Unfortunately, as shown in the past, the F5 BIG-IP TMUI has been exposed, allowing attackers to exploit vulnerabilities to wipe devices and gain initial network access.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?