Home Cyber Security BIG-IP Vulnerability Permits Distant Code Execution

BIG-IP Vulnerability Permits Distant Code Execution

BIG-IP Vulnerability Permits Distant Code Execution


Oct 27, 2023NewsroomCommunity Safety / Vulnerability

Remote Code Execution

F5 has alerted prospects of a crucial safety vulnerability impacting BIG-IP that might lead to unauthenticated distant code execution.

The difficulty, rooted within the configuration utility element, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS rating of 9.8 out of a most of 10.

“This vulnerability could permit an unauthenticated attacker with community entry to the BIG-IP system by way of the administration port and/or self IP addresses to execute arbitrary system instructions,” F5 mentioned in an advisory launched Thursday. “There isn’t a information airplane publicity; it is a management airplane situation solely.”


The next variations of BIG-IP have been discovered to be weak –

  • 17.1.0 (Mounted in + Hotfix-BIGIP-
  • 16.1.0 – 16.1.4 (Mounted in + Hotfix-BIGIP-
  • 15.1.0 – 15.1.10 (Mounted in + Hotfix-BIGIP-
  • 14.1.0 – 14.1.5 (Mounted in + Hotfix-BIGIP-
  • 13.1.0 – 13.1.5 (Mounted in + Hotfix-BIGIP-

As mitigations, F5 has additionally made accessible a shell script for customers of BIG-IP variations 14.1.0 and later. “This script should not be used on any BIG-IP model previous to 14.1.0 or it should forestall the Configuration utility from beginning,” the corporate warned.

Different non permanent workarounds accessible for customers are beneath –

Michael Weber and Thomas Hendrickson of Praetorian have been credited with discovering and reporting the vulnerability on October 4, 2023.


The cybersecurity firm, in a technical report of its personal, described CVE-2023-46747 as an authentication bypass situation that may result in a complete compromise of the F5 system by executing arbitrary instructions as root on the goal system, noting it is “intently associated to CVE-2022-26377.”

Praetorian can also be recommending that customers prohibit entry to the Visitors Administration Consumer Interface (TMUI) from the web. It is price noting that CVE-2023-46747 is the third unauthenticated distant code execution flaw uncovered in TMUI after CVE-2020-5902 and CVE-2022-1388.

“A seemingly low influence request smuggling bug can turn into a critical situation when two totally different companies offload authentication obligations onto one another,” the researchers mentioned. “Sending requests to the ‘backend’ service that assumes the ‘frontend’ dealt with authentication can result in some fascinating conduct.”

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.



Please enter your comment!
Please enter your name here