Undisclosed Requests May Bypass Configuration Utility Authentication in F5 BIG-IP Systems, Allowing Attackers to Execute Arbitrary System Commands
CVE-2023-46747
What is CVE-2023-46747?
CVE-2023-46747 is a serious vulnerability affecting F5 BIG-IP systems, which are widely used for application delivery and security services. This vulnerability allows attackers who have network access to bypass authentication mechanisms in the configuration utility, enabling them to execute arbitrary commands on the system. The potential consequences of such access are significant, as they could result in unauthorized control over critical infrastructure, compromising the security and operational integrity of organizations that rely on these systems.
Technical Details
The vulnerability is triggered by undisclosed requests that can bypass configuration utility authentication. Specifically, attackers with network access through the management port or self IP addresses can leverage this flaw to run arbitrary system commands. This exploitation path highlights a critical weakness in the authentication process, posing a heightened risk for organizations failing to secure their systems adequately. It is important to note that software versions that have reached End of Technical Support (EoTS) are not evaluated in the context of this vulnerability.
Potential Impact of CVE-2023-46747
- Unauthorized System Access: The ability for attackers to execute arbitrary commands could lead to unauthorized access to sensitive data and configuration settings, undermining the confidentiality and integrity of the affected systems.
- Operational Disruption: Compromised BIG-IP systems can disrupt application delivery and management processes, potentially causing downtime or degradation of service for critical applications and services relied upon by the organization.
- Increased Risk of Ransomware Attacks: The exploitation of this vulnerability not only facilitates unauthorized control but also positions organizations as potential targets for ransomware groups, given that such access could be escalated to execute malicious payloads or deploy ransomware effectively.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited; it is also known by CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
BIG-IP 17.1.0
BIG-IP 16.1.0
BIG-IP 15.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
F5 Patches Remote Code Execution Bug in BIG-IP
The critical-severity, unauthenticated remote code execution flaw exists in several versions of the F5 BIG-IP security appliances.
10 months ago
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws
China-linked threat group aggressively exploits software flaws in Connectwise ScreenConnect & F5 BIG-IP.
10 months ago
Bringing Access Back - Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect
During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in...
10 months ago
EPSS Score
97% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- Public PoC available
- Vulnerability started trending
- Used in Ransomware
- CISA Reported
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved