F5 Networks has issued a critical security alert, warning customers of a severe vulnerability impacting BIG-IP.
This vulnerability, identified as CVE-2023-46747, poses a significant risk of unauthenticated remote code execution and carries a CVSS score of 9.8 out of 10. The issue resides in the configuration utility component and allows an attacker, with network access to the BIG-IP system through the management port and/or self IP addresses, to execute arbitrary system commands. Importantly, this is classified as a control plane issue with no data plane exposure.
The vulnerability was discovered and reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. Praetorian describes CVE-2023-46747 as an authentication bypass issue, capable of leading to a total compromise of the F5 system through arbitrary command execution as root.
This flaw is closely related to CVE-2022-26377. Praetorian suggests restricting access to the Traffic Management User Interface (TMUI) from the internet, emphasizing that this is the third unauthenticated remote code execution flaw discovered in TMUI, after CVE-2020-5902 and CVE-2022-1388.
CVE-2023-46747: Affected Versions and Fixes
The following versions of BIG-IP are found to be vulnerable due to CVE-2023-46747:
- 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG)
- 16.1.0 – 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG)
- 15.1.0 – 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG)
- 14.1.0 – 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG)
- 13.1.0 – 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG)
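A defender triaging a fleet of BIG-IP devices needs to turn the version list above into a yes/no answer per device. The script below is an added example, not F5's own tooling or the script F5 provides; it encodes only the affected branches, fix releases and hotfix identifiers stated on this page. It assumes the following reading of each line: every release in a listed branch below the fix release is vulnerable, the fix release itself is fixed only when the named engineering hotfix is installed, and anything later than the fix release or in a branch not listed is reported as "not listed" rather than safe, so it can be confirmed against the F5 advisory. The inventory entries in `main()` are constructed sample data.

```python
"""Assess BIG-IP version strings against the CVE-2023-46747 affected ranges.

Added example (not F5 code). The ranges come from the advisory text on this
page; the interpretation of "fixed in X + Hotfix" is an assumption, see the
lead-in.
"""
from typing import Sequence, Tuple

Version = Tuple[int, int, int, int]

# (affected branch, fix release, required hotfix) taken from the page's list.
AFFECTED = [
    ((17, 1), "17.1.0.3", "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG"),
    ((16, 1), "16.1.4.1", "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG"),
    ((15, 1), "15.1.10.2", "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG"),
    ((14, 1), "14.1.5.6", "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG"),
    ((13, 1), "13.1.5.1", "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG"),
]


def parse_version(text: str) -> Version:
    """Turn '16.1.4.1' into (16, 1, 4, 1); '16.1.4' is right-padded to (16, 1, 4, 0).

    BIG-IP versions have three or four numeric components; anything else is rejected
    so a typo in an inventory does not silently compare as a low version.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 3 or len(parts) > 4:
        raise ValueError(f"unexpected BIG-IP version format: {text!r}")
    return parts + (0,) * (4 - len(parts))  # type: ignore[return-value]


def assess(version: str, installed_hotfixes: Sequence[str] = ()) -> Tuple[str, str]:
    """Return (status, advice) where status is 'vulnerable', 'fixed' or 'not_listed'."""
    ver = parse_version(version)
    for branch, fixed, hotfix in AFFECTED:
        if ver[:2] != branch:
            continue
        fix = parse_version(fixed)
        if ver < fix:
            return ("vulnerable", f"upgrade to {fixed} and install {hotfix}")
        if ver == fix:
            if hotfix in installed_hotfixes:
                return ("fixed", f"{fixed} with {hotfix} is the listed fix")
            # Assumption: the fix release alone is not enough; the hotfix is required.
            return ("vulnerable", f"{fixed} is installed but {hotfix} is missing")
        # Assumption: releases after the listed fix are not on the page's affected list.
        return ("not_listed", f"newer than the listed fix {fixed}; confirm against the F5 advisory")
    return ("not_listed", "branch is not in the affected list on this page; confirm against the F5 advisory")


def triage(inventory: Sequence[Tuple[str, str, Sequence[str]]]) -> Sequence[Tuple[str, str, str]]:
    """Map (hostname, version, hotfixes) entries to (hostname, status, advice) rows."""
    return [(host, *assess(ver, fixes)) for host, ver, fixes in inventory]


def main() -> None:
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("lb-edge-01", "17.1.0", []),
        ("lb-edge-02", "17.1.0.3", ["Hotfix-BIGIP-17.1.0.3.0.75.4-ENG"]),
        ("lb-core-01", "16.1.4", []),
        ("lb-core-02", "15.1.10.2", []),
        ("lb-lab-01", "12.1.5", []),
    ]
    for host, status, advice in triage(inventory):
        print(f"{host:12} {status:11} {advice}")


if __name__ == "__main__":
    main()
```

Because the page also notes that the bug is reachable only through the management port and self IP addresses, a "vulnerable" row is the trigger to both apply the listed fix and verify that Configuration utility access is restricted on those interfaces until the upgrade lands.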
Mitigations and Workarounds
F5 recommends using a provided shell script for users of BIG-IP versions 14.1.0 and later. However, caution is advised, as using this script on versions prior to 14.1.0 may prevent the Configuration utility from starting. Other temporary workarounds include blocking Configuration utility access through self IP addresses and the management interface.
Urgent Recommendations
Given the severity of CVE-2023-46747 and the potential for unauthenticated remote code execution, users are strongly advised to apply the provided fixes, use the mitigations, and follow F5’s recommendations to secure their BIG-IP deployments. Swift adoption of these measures is crucial to prevent unauthorized access and potential system compromise.