CVE-2023-46747 Report - Details, Severity, & Advisories
Twingate Team • Jan 11, 2024
CVE-2023-46747 is a critical vulnerability affecting various versions of F5 BIG-IP products, allowing an unauthenticated attacker with network access to bypass configuration utility authentication and execute arbitrary system commands. With a CVSS 2.0 score of 9.8, this vulnerability poses a significant risk to affected systems. It is important for organizations using F5 BIG-IP products to be aware of this vulnerability and take appropriate steps to mitigate its impact.
How do I know if I'm affected?
If you're using F5 BIG-IP products, you might be affected by this vulnerability, which allows an attacker to bypass configuration utility authentication and execute arbitrary system commands. The affected versions include BIG-IP 17.1.0, BIG-IP 16.1.0 - 16.1.4, BIG-IP 15.1.0 - 15.1.10, BIG-IP 14.1.0 - 14.1.5, and BIG-IP 13.1.0 - 13.1.5. To determine whether you're impacted, check your product version and compare it against these vulnerable versions. Keep in mind that this vulnerability doesn't affect Apple products.
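For a fleet, the version comparison described above can be scripted. The following is an added example, not code from F5 or from this report: it checks `hostname version` lines against the ranges listed above, and the inventory, hostnames and function names are constructed for illustration.

```shell
# Added example, not F5 or Twingate code. Ranges are copied from the list above
# as branch:lowest_patch:highest_patch.
AFFECTED_RANGES="17.1:0:0 16.1:0:4 15.1:0:10 14.1:0:5 13.1:0:5"

# is_affected VERSION -> returns 0 if listed as affected, 1 if not listed,
# 2 if the string is not a dotted numeric version with at least three fields.
# Assumption: a fourth field (e.g. 16.1.3.1) is ignored, so point releases of a
# listed version are flagged; version alone cannot show an installed hotfix.
is_affected() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
        *.*.*) ;;
        *) return 2 ;;
    esac
    _major=${1%%.*}; _rest=${1#*.}
    _minor=${_rest%%.*}; _rest=${_rest#*.}
    _patch=${_rest%%.*}
    for _r in $AFFECTED_RANGES; do
        _branch=${_r%%:*}; _lohi=${_r#*:}
        _lo=${_lohi%%:*}; _hi=${_lohi#*:}
        if [ "$_branch" = "$_major.$_minor" ] &&
           [ "$_patch" -ge "$_lo" ] && [ "$_patch" -le "$_hi" ]; then
            return 0
        fi
    done
    return 1
}

# report_inventory: reads "hostname version" lines on stdin, one verdict per host.
report_inventory() {
    while read -r _host _ver; do
        case "$_host" in ''|\#*) continue ;; esac
        _rc=0; is_affected "$_ver" || _rc=$?
        case $_rc in
            0) echo "$_host $_ver AFFECTED" ;;
            1) echo "$_host $_ver not-listed" ;;   # not on the list; not proof of a fix
            *) echo "$_host $_ver UNPARSEABLE" ;;  # check this host by hand
        esac
    done
}

# Constructed inventory: hostnames and versions are made up for the example.
report_inventory <<'EOF'
lb-edge-01 17.1.0
lb-edge-02 16.1.4
lb-core-01 15.1.10.2
lb-core-02 14.1.6
lb-lab-01 unknown
EOF
```

A host reported as AFFECTED may already have the mitigation applied, so treat the output as a list of systems to inspect rather than a final verdict.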
What should I do if I'm affected?
First, check whether your BIG-IP version is vulnerable. If it is, download the mitigation script provided by F5. Then, log in to the command line of your BIG-IP system as the root user. Verify the script's integrity, make it executable, and run it. Lastly, install a fixed version or upgrade to a version with the fix.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability, was added on October 31, 2023, with a due date of November 21, 2023.
Weakness enumeration
This vulnerability is categorized as CWE-288, which involves bypassing authentication and executing arbitrary system commands on affected F5 BIG-IP products.
For more details
CVE-2023-46747 is a critical vulnerability affecting F5 BIG-IP products, posing significant risks to organizations. By understanding the vulnerability and implementing appropriate mitigation strategies, organizations can better protect their systems. For a comprehensive overview of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.