F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

October 27, 2023

F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution.

The issue, rooted in the Configuration utility component, has been assigned the CVE identifier CVE-2023-46747 and carries a CVSS score of 9.8 out of a maximum of 10.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands,” F5 said in an advisory released Thursday. “There is no data plane exposure; this is a control plane issue only.”


The following versions of BIG-IP have been found to be vulnerable:

  • 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG)
  • 16.1.0 – 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG)
  • 15.1.0 – 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG)
  • 14.1.0 – 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG)
  • 13.1.0 – 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG)
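The affected ranges above are written per branch, and the fix is the listed base version plus an engineering hotfix, so a version number alone never proves a device is patched. The following checker is an added example (not F5's or Praetorian's code) that encodes the ranges from the list above and flags that caveat; the sample inputs in the `__main__` block are constructed, not output from a real device.

```python
import re
from typing import Tuple

# Affected ranges and fixes as listed in the advisory above:
# (first affected, last affected, fixed base version, engineering hotfix).
AFFECTED_RANGES = [
    ("17.1.0", "17.1.0", "17.1.0.3", "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG"),
    ("16.1.0", "16.1.4", "16.1.4.1", "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG"),
    ("15.1.0", "15.1.10", "15.1.10.2", "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG"),
    ("14.1.0", "14.1.5", "14.1.5.6", "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG"),
    ("13.1.0", "13.1.5", "13.1.5.1", "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG"),
]

VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted version in `text` and pad it to four
    components, so "16.1.4" and "16.1.4.0" compare equal. Accepts a bare
    version or a line such as "  Version  16.1.4.1"."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))


def assess(version_text: str) -> Tuple[str, str]:
    """Return (status, advice); status is one of
    "vulnerable", "hotfix_required" or "not_listed"."""
    v = parse_version(version_text)
    for first, last, fixed, hotfix in AFFECTED_RANGES:
        lo, hi, fix = (parse_version(x) for x in (first, last, fixed))
        # Branch membership uses three components, matching how the
        # advisory writes its ranges (e.g. 16.1.0 - 16.1.4).
        if not lo[:3] <= v[:3] <= hi[:3]:
            continue
        if v < fix:
            return "vulnerable", f"upgrade to {fixed} and apply {hotfix}"
        # The fix is the base version PLUS the hotfix; the version number
        # alone cannot show the hotfix is installed, so say so explicitly.
        return "hotfix_required", f"at or above {fixed}; verify {hotfix} is installed"
    return "not_listed", "not in a range listed here; check the vendor advisory"


if __name__ == "__main__":
    # Constructed sample inputs, not output from a real device.
    for sample in ("16.1.4", "  Version  15.1.10.2", "17.1.1"):
        print(sample.strip(), "->", assess(sample))
```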

As a mitigation, F5 has also made available a shell script for users of BIG-IP versions 14.1.0 and later. “This script should not be used on any BIG-IP version prior to 14.1.0 or it will prevent the Configuration utility from starting,” the company warned.

Other temporary workarounds available to customers are:

  • Block Configuration utility access through self IP addresses
  • Block Configuration utility access through the management interface

Michael Weber and Thomas Hendrickson of Praetorian have been credited with identifying and reporting the vulnerability on Oct 4, 2023.


The cybersecurity company, in a technical report of its own, described CVE-2023-46747 as an authentication bypass issue that can lead to a total compromise of the F5 system by executing arbitrary commands as root on the target system, noting it is “closely related to CVE-2022-26377.”

Praetorian is also recommending that users restrict access to the Traffic Management User Interface (TMUI) from the internet. It is worth noting that CVE-2023-46747 is the third unauthenticated remote code execution flaw discovered in TMUI, after CVE-2020-5902 and CVE-2022-1388.

“A seemingly low impact request smuggling bug can become a serious issue when two different services offload authentication responsibilities onto each other,” the researchers said. “Sending requests to the ‘backend’ service that assumes the ‘frontend’ handled authentication can lead to some interesting behavior.”

Some pieces of this write-up are sourced from:
thehackernews.com
