This post has been updated to include newly reported instances of exploitation of this vulnerability.
A critical vulnerability identified as CVE-2023-46747 has been discovered in F5's BIG-IP systems. It poses a significant risk because it allows an unauthenticated attacker who can reach the Traffic Management User Interface (TMUI) to bypass authentication and execute system commands on the device. Immediate action is advised.
What is CVE-2023-46747?
CVE-2023-46747 is a critical authentication bypass vulnerability in the Configuration utility (TMUI) of F5 BIG-IP systems. It is particularly concerning because an unauthenticated attacker with network access to TMUI can bypass authentication and execute arbitrary code on the affected device. The vulnerability has been assigned a CVSSv3 score of 9.8 (Critical), reflecting its severe impact.
Does it affect me?
If your organization runs F5 BIG-IP and the Traffic Management User Interface (TMUI) is reachable from an untrusted network, whether on the management interface or on a self IP whose Port Lockdown setting permits it, you are at risk. The vulnerability affects multiple supported BIG-IP branches; consult F5's article K000137353 for the exact affected and fixed versions, and patch immediately. Until then, restrict access to TMUI to trusted management networks only.
Has CVE-2023-46747 been actively exploited in the wild?
As of 8 November 2023, F5 has warned BIG-IP administrators that "skilled hackers" are successfully exploiting the vulnerability to gain access to systems, then erasing signs of their access to achieve stealthy code execution.
How do I protect my BIG-IP systems?
F5 has released security patches that address this vulnerability, and organizations are strongly advised to apply them as soon as possible. If immediate patching is not feasible, F5 has provided mitigation guidance, including a mitigation script, in its article K000137353. Note that the mitigation script must not be used on BIG-IP versions prior to 14.1.0 and is not compatible with systems licensed for FIPS 140-2 Compliant Mode.
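To turn the "does it affect me" question and the mitigation-script version floor into something you can run across a fleet, here is an added triage script. It is not F5's code and not part of the original post. The per-branch fixed builds in it are an assumption taken from F5's article K000137353 as published at the time of writing (17.1.0.3, 16.1.4.1, 15.1.10.2, 14.1.5.6 and 13.1.5.1, each requiring F5's accompanying engineering hotfix); confirm them against the current advisory before acting on a verdict. The `tmsh show sys version` layout it parses and the sample output are likewise assumptions, constructed for the example rather than captured from a device.

```python
"""
Triage BIG-IP version strings against the CVE-2023-46747 affected
ranges and the mitigation-script version floor.

Added example; not F5's code and not from the original post. The fixed
builds below are ASSUMED to match F5 article K000137353 at the time of
writing; confirm them against the current advisory before acting.
"""
import re
from typing import Tuple

# First fixed build per branch, ASSUMED from K000137353. F5 lists the
# affected ranges as 17.1.0, 16.1.0-16.1.4, 15.1.0-15.1.10, 14.1.0-14.1.5
# and 13.1.0-13.1.5, i.e. every build in each branch below the fixed one.
# Each fixed build needs F5's engineering hotfix as well, so a version
# string equal to the fixed build is not proof that the fix is installed.
FIRST_FIXED_BUILD = {
    (17, 1): "17.1.0.3",
    (16, 1): "16.1.4.1",
    (15, 1): "15.1.10.2",
    (14, 1): "14.1.5.6",
    (13, 1): "13.1.5.1",
}

# The post notes F5's mitigation script must not be run on BIG-IP < 14.1.0.
MITIGATION_SCRIPT_MIN_VERSION = "14.1.0"


def parse_version(text: str) -> Tuple[int, ...]:
    """'16.1.3' -> (16, 1, 3, 0). Padding to four fields makes tuple
    comparison order 16.1.4 below 16.1.4.1, as BIG-IP point releases nest."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected BIG-IP version format: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def triage(version: str) -> str:
    """Classify a version string as 'vulnerable', 'fixed-build-verify-hotfix',
    'newer-than-fixed-build' or 'branch-not-listed'."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch not in FIRST_FIXED_BUILD:
        # e.g. an end-of-life 12.1.x branch. Not listed is not the same as
        # known safe: check the advisory rather than assume.
        return "branch-not-listed"
    fixed = parse_version(FIRST_FIXED_BUILD[branch])
    if v < fixed:
        return "vulnerable"
    if v == fixed:
        return "fixed-build-verify-hotfix"
    return "newer-than-fixed-build"  # e.g. 17.1.1; confirm in the advisory


# Layout ASSUMED to match the 'Main Package' block of `tmsh show sys version`.
TMSH_VERSION_RE = re.compile(r"^\s*Version\s+(\d+(?:\.\d+){1,3})\s*$", re.MULTILINE)
TMSH_EDITION_RE = re.compile(r"^\s*Edition\s+(.+?)\s*$", re.MULTILINE)


def version_from_tmsh(output: str) -> Tuple[str, bool]:
    """Return (version, edition_mentions_hotfix) from tmsh output text."""
    match = TMSH_VERSION_RE.search(output)
    if not match:
        raise ValueError("no Version line found in tmsh output")
    edition = TMSH_EDITION_RE.search(output)
    hotfix = bool(edition and "hotfix" in edition.group(1).lower())
    return match.group(1), hotfix


def assess_tmsh(output: str) -> str:
    """Triage directly from tmsh output, upgrading the verdict to
    'fixed-build-with-hotfix' when the Edition line reports a hotfix."""
    version, hotfix = version_from_tmsh(output)
    verdict = triage(version)
    if verdict == "fixed-build-verify-hotfix" and hotfix:
        return "fixed-build-with-hotfix"
    return verdict


def mitigation_script_supported(version: str) -> bool:
    """True only for versions on which F5's mitigation script may be run."""
    return parse_version(version) >= parse_version(MITIGATION_SCRIPT_MIN_VERSION)


# Constructed sample in the shape of `tmsh show sys version` output;
# not captured from a real device.
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3.1
  Build       0.0.11
  Edition     Point Release 1
  Date        Fri Sep 30 09:33:49 PDT 2022
"""

if __name__ == "__main__":
    ver, _ = version_from_tmsh(SAMPLE_TMSH_OUTPUT)
    print(f"{ver}: {assess_tmsh(SAMPLE_TMSH_OUTPUT)}; "
          f"mitigation script supported: {mitigation_script_supported(ver)}")
```

Feed it the output of `tmsh show sys version` collected from each device; a "vulnerable" verdict means patch now, and a "fixed-build-verify-hotfix" verdict means check that the engineering hotfix is actually installed rather than trusting the version number alone.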
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: