CVE-2023-46747

CVSS V2 None CVSS V3 None

Description

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Overview

CVE ID
CVE-2023-46747

Assigner
f5

Vulnerability Status
PUBLISHED

Published Version
2023-10-26T20:04:53.929Z

Last Modified Date
2023-11-06T08:16:47.735Z

Weakness Enumerations

CWE	URL
CWE-288	http://cwe.mitre.org/data/definitions/288.html

References

Reference URL	Reference Tags
https://my.f5.com/manage/s/article/K000137353	vendor-advisory
http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html
https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-46747
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46747

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:49:23				Added to TrackCVE