The company has already released fixes, and also offered a number of temporary solutions for administrators.
The multinational company F5, which specializes in services related to Internet sites and applications, warned its customers about a critical vulnerability in the company's BIG-IP product, which allows remote code execution without authentication.
This vulnerability, discovered in a component of the configuration utility, was identified as CVE-2023-46747 and was rated 9.8 out of 10 possible points on the CVSS scale.
The discovery of the vulnerability is attributed to researchers Michael Weber and Thomas Hendrickson from Praetorian, who also released their detailed technical report with nuances of CVE-2023-46747.
F5 clarified: "This vulnerability can allow an unauthorized attacker who has network access to the BIG-IP system via the management port and/or their own IP addresses to execute arbitrary system commands." The problem is only related to the product's management interface.
The company identified the following vulnerable versions of BIG-IP:
- 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG);
- 16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG);
- 15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG);
- 14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG);
- 13.1.0 - 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG);
Additional recommendations for users include the following tips:
- block access to the configuration utility via your own IP addresses;
- block access to the configuration utility via the management interface.