/

CVE-2023-46747 Report - Details, Severity, & Advisorie...

CVE-2023-46747 Report - Details, Severity, & Advisories

Twingate Team

Jan 11, 2024

CVE-2023-46747 is a critical vulnerability affecting various versions of F5 BIG-IP products, allowing an unauthenticated attacker with network access to bypass configuration utility authentication and execute arbitrary system commands. With a CVSS 2.0 score of 9.8, this vulnerability poses a significant risk to affected systems. It is important for organizations using F5 BIG-IP products to be aware of this vulnerability and take appropriate steps to mitigate its impact.

How do I know if I'm affected?

If you're using F5 BIG-IP products, you might be affected by this vulnerability. This security issue allows an attacker to bypass configuration utility authentication and execute arbitrary system commands. The affected versions include BIG-IP 17.1.0, BIG-IP 16.1.0 - 16.1.4, BIG-IP 15.1.0 - 15.1.10, BIG-IP 14.1.0 - 14.1.5, and BIG-IP 13.1.0 - 13.1.5. To determine if you're impacted, check your product version and compare it to the mentioned vulnerable versions. Keep in mind that this vulnerability doesn't affect Apple products.

What should I do if I'm affected?

If you're affected by this vulnerability you should check if your BIG-IP version is vulnerable. If it is, download the mitigation script provided by F5. Then, log in to the command line of your BIG-IP system as the root user. Verify the script's integrity, make it executable, and run it. Lastly, install a fixed version or upgrade to a version with the fix.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability, was added on October 31, 2023, with a due date of November 21, 2023.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-288, which involves bypassing authentication and executing arbitrary system commands on affected F5 BIG-IP products.

For more details

CVE-2023-46747 is a critical vulnerability affecting F5 BIG-IP products, posing significant risks to organizations. By understanding the vulnerability and implementing appropriate mitigation strategies, organizations can better protect their systems. For a comprehensive overview of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-46747 Report - Details, Severity, & Advisorie...

CVE-2023-46747 Report - Details, Severity, & Advisories

Twingate Team

Jan 11, 2024

CVE-2023-46747 is a critical vulnerability affecting various versions of F5 BIG-IP products, allowing an unauthenticated attacker with network access to bypass configuration utility authentication and execute arbitrary system commands. With a CVSS 2.0 score of 9.8, this vulnerability poses a significant risk to affected systems. It is important for organizations using F5 BIG-IP products to be aware of this vulnerability and take appropriate steps to mitigate its impact.

How do I know if I'm affected?

If you're using F5 BIG-IP products, you might be affected by this vulnerability. This security issue allows an attacker to bypass configuration utility authentication and execute arbitrary system commands. The affected versions include BIG-IP 17.1.0, BIG-IP 16.1.0 - 16.1.4, BIG-IP 15.1.0 - 15.1.10, BIG-IP 14.1.0 - 14.1.5, and BIG-IP 13.1.0 - 13.1.5. To determine if you're impacted, check your product version and compare it to the mentioned vulnerable versions. Keep in mind that this vulnerability doesn't affect Apple products.

What should I do if I'm affected?

If you're affected by this vulnerability you should check if your BIG-IP version is vulnerable. If it is, download the mitigation script provided by F5. Then, log in to the command line of your BIG-IP system as the root user. Verify the script's integrity, make it executable, and run it. Lastly, install a fixed version or upgrade to a version with the fix.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability, was added on October 31, 2023, with a due date of November 21, 2023.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-288, which involves bypassing authentication and executing arbitrary system commands on affected F5 BIG-IP products.

For more details

CVE-2023-46747 is a critical vulnerability affecting F5 BIG-IP products, posing significant risks to organizations. By understanding the vulnerability and implementing appropriate mitigation strategies, organizations can better protect their systems. For a comprehensive overview of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-46747 Report - Details, Severity, & Advisories

Twingate Team

Jan 11, 2024

CVE-2023-46747 is a critical vulnerability affecting various versions of F5 BIG-IP products, allowing an unauthenticated attacker with network access to bypass configuration utility authentication and execute arbitrary system commands. With a CVSS 2.0 score of 9.8, this vulnerability poses a significant risk to affected systems. It is important for organizations using F5 BIG-IP products to be aware of this vulnerability and take appropriate steps to mitigate its impact.

How do I know if I'm affected?

If you're using F5 BIG-IP products, you might be affected by this vulnerability. This security issue allows an attacker to bypass configuration utility authentication and execute arbitrary system commands. The affected versions include BIG-IP 17.1.0, BIG-IP 16.1.0 - 16.1.4, BIG-IP 15.1.0 - 15.1.10, BIG-IP 14.1.0 - 14.1.5, and BIG-IP 13.1.0 - 13.1.5. To determine if you're impacted, check your product version and compare it to the mentioned vulnerable versions. Keep in mind that this vulnerability doesn't affect Apple products.

What should I do if I'm affected?

If you're affected by this vulnerability you should check if your BIG-IP version is vulnerable. If it is, download the mitigation script provided by F5. Then, log in to the command line of your BIG-IP system as the root user. Verify the script's integrity, make it executable, and run it. Lastly, install a fixed version or upgrade to a version with the fix.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability, was added on October 31, 2023, with a due date of November 21, 2023.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-288, which involves bypassing authentication and executing arbitrary system commands on affected F5 BIG-IP products.

For more details

CVE-2023-46747 is a critical vulnerability affecting F5 BIG-IP products, posing significant risks to organizations. By understanding the vulnerability and implementing appropriate mitigation strategies, organizations can better protect their systems. For a comprehensive overview of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.