CVE-2023-46747 Report - Details, Severity, & Advisories
Twingate Team • Jan 11, 2024
CVE-2023-46747 is a critical vulnerability affecting various versions of F5 BIG-IP products, allowing an unauthenticated attacker with network access to bypass configuration utility authentication and execute arbitrary system commands. With a CVSS 2.0 score of 9.8, this vulnerability poses a significant risk to affected systems. It is important for organizations using F5 BIG-IP products to be aware of this vulnerability and take appropriate steps to mitigate its impact.
How do I know if I'm affected?
If you're using F5 BIG-IP products, you might be affected by this vulnerability, which allows an attacker to bypass configuration utility authentication and execute arbitrary system commands. The affected versions include BIG-IP 17.1.0, BIG-IP 16.1.0 - 16.1.4, BIG-IP 15.1.0 - 15.1.10, BIG-IP 14.1.0 - 14.1.5, and BIG-IP 13.1.0 - 13.1.5. To determine whether you're impacted, check your product version and compare it against these vulnerable versions. Keep in mind that this vulnerability doesn't affect Apple products.
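The version comparison described above can be scripted, for example across a device inventory. The following is an added example, not code from Twingate or F5: it parses a constructed sample of `tmsh show sys version` output and checks it against the ranges listed on this page. It assumes that four-part point releases (x.y.z.w) are matched on their first three components, a conservative choice since the page lists only three-part versions.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
AFFECTED_RANGES = [
    ("17.1.0", "17.1.0"),
    ("16.1.0", "16.1.4"),
    ("15.1.0", "15.1.10"),
    ("14.1.0", "14.1.5"),
    ("13.1.0", "13.1.5"),
]

# Constructed sample of `tmsh show sys version` output (not from a real device).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.10
  Build       0.0.44
  Edition     Final
"""


def parse_version(text):
    """Turn '15.1.10' into (15, 1, 10) so comparison is numeric, not lexical.

    Assumption: a fourth component (point release) is dropped, so such a
    release is treated like its three-part base version.
    """
    parts = text.strip().split(".")
    if len(parts) not in (3, 4) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected BIG-IP version string: {text!r}")
    return tuple(int(p) for p in parts[:3])


def extract_version(tmsh_output):
    """Pull the version value from the 'Version' line of tmsh output."""
    match = re.search(r"^\s*Version\s+(\d+(?:\.\d+){2,3})\s*$", tmsh_output, re.MULTILINE)
    if match is None:
        raise ValueError("no Version line found in tmsh output")
    return match.group(1)


def is_affected(version):
    """True if the version falls inside any range listed on this page."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    detected = extract_version(SAMPLE_TMSH_OUTPUT)
    print(detected, "affected" if is_affected(detected) else "not in listed ranges")
```

A "not in listed ranges" result only means the version is outside the ranges on this page; it does not confirm that a fix is installed.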
What should I do if I'm affected?
If you're affected by this vulnerability, first check whether your BIG-IP version is vulnerable. If it is, download the mitigation script provided by F5. Then log in to the command line of your BIG-IP system as the root user, verify the script's integrity, make it executable, and run it. Lastly, install a fixed version or upgrade to a version with the fix.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability, was added on October 31, 2023, with a due date of November 21, 2023.
Weakness enumeration
This vulnerability is categorized under CWE-288, which here involves bypassing authentication and executing arbitrary system commands on affected F5 BIG-IP products.
For more details
CVE-2023-46747 is a critical vulnerability affecting F5 BIG-IP products, posing significant risks to organizations. By understanding the vulnerability and implementing appropriate mitigation strategies, organizations can better protect their systems. For a comprehensive overview of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.