F5's Critical BIG-IP Breach Allows Hackers to Execute Remote code
<blockquote data-quote="Plotu" data-source="post: 430" data-attributes="member: 5"><p>The company has already released fixes, and also offered a number of temporary solutions for administrators.</p><p></p><p>The multinational company F5, which specializes in services related to Internet sites and applications, warned its customers about a critical vulnerability in the company's BIG-IP product, which allows remote code execution without authentication.</p><p></p><p>This vulnerability, discovered in a component of the configuration utility, was identified as CVE-2023-46747 and was rated 9.8 out of 10 possible points on the CVSS scale.</p><p></p><p>The discovery of the vulnerability is attributed to researchers Michael Weber and Thomas Hendrickson from Praetorian, who also released their detailed technical report with the nuances of CVE-2023-46747.</p><p></p><p>F5 clarified: "This vulnerability can allow an unauthorized attacker who has network access to the BIG-IP system via the management port and/or their own IP addresses to execute arbitrary system commands." The problem is only related to the product's management interface.</p><p></p><p>The company identified the following vulnerable versions of BIG-IP:</p><ul> <li data-xf-list-type="ul">17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG);</li> <li data-xf-list-type="ul">16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG);</li> <li data-xf-list-type="ul">15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG);</li> <li data-xf-list-type="ul">14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG);</li> <li data-xf-list-type="ul">13.1.0 - 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG);</li> </ul><p>As a temporary solution, F5 suggested using a special script that can be applied starting from version 14.1.0. Representatives of the company emphasized that this script should not be used on BIG-IP versions below 14.1.0, so as not to get even bigger problems with BIG-IP instances. The script itself and instructions for using it are available on the company's recommendations page.</p><p></p><p>Additional recommendations for users include the following tips:</p><ul> <li data-xf-list-type="ul">block access to the configuration utility via your own IP addresses;</li> <li data-xf-list-type="ul">block access to the configuration utility via the management interface.</li> </ul><p>It is worth noting that CVE-2023-46747 is the third vulnerability that allows remote code execution without authentication, discovered in the BIG-IP TMUI user interface after CVE-2020-5902 and CVE-2022-1388.</p></blockquote><p></p>
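The post's version table hides two traps a fleet check has to get right: the fix is the base release plus the engineering hotfix (16.1.4.1 without Hotfix-BIGIP-16.1.4.1.0.50.5-ENG is still unpatched), and the interim mitigation script must not be run below 14.1.0. The script below is an added example, not F5's tooling or anything from the post's author: it encodes the affected ranges and hotfix builds exactly as the post lists them, classifies a version/build pair, and flags whether the mitigation script is allowed. The `tmsh show sys version` layout it parses (Product/Version/Build/Edition lines) is an assumption, and the two sample outputs are constructed, not captured from real devices.

```python
"""Triage helper for the CVE-2023-46747 affected/fixed versions quoted above.

Added example, not F5's own tooling. The ranges and hotfix builds come from
the post; the "tmsh show sys version" layout is assumed, and the sample
outputs below are constructed for illustration.
"""
import re

# branch -> (first affected base, last affected base, fixed version incl. build)
# "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG" means version 16.1.4.1, build 0.50.5.
FIXES = {
    (17, 1): ((17, 1, 0), (17, 1, 0), (17, 1, 0, 3, 0, 75, 4)),
    (16, 1): ((16, 1, 0), (16, 1, 4), (16, 1, 4, 1, 0, 50, 5)),
    (15, 1): ((15, 1, 0), (15, 1, 10), (15, 1, 10, 2, 0, 44, 2)),
    (14, 1): ((14, 1, 0), (14, 1, 5), (14, 1, 5, 6, 0, 10, 6)),
    (13, 1): ((13, 1, 0), (13, 1, 5), (13, 1, 5, 1, 0, 20, 2)),
}

AFFECTED = "AFFECTED"
FIXED = "FIXED"
HOTFIX_MISSING = "AFFECTED (fixed base release, engineering hotfix missing)"
UNLISTED = "NOT LISTED in the quoted advisory; check F5 directly"

# Assumed layout of "tmsh show sys version": indented "Key   Value" lines.
TMSH_FIELDS = re.compile(r"^\s*(Product|Version|Build|Edition)\s+(.+?)\s*$", re.M)


def parse_ints(s):
    """'16.1.4.1' -> (16, 1, 4, 1); raises ValueError on non-numeric parts."""
    return tuple(int(p) for p in s.strip().split("."))


def assess(version, build="0.0.0"):
    """Classify one BIG-IP version/build pair against the post's table."""
    ver = parse_ints(version)
    if len(ver) < 3:
        raise ValueError(f"need at least major.minor.maint: {version!r}")
    ver4 = (ver + (0, 0, 0, 0))[:4]          # 16.1.4 -> 16.1.4.0 for comparison
    branch = ver4[:2]
    if branch not in FIXES:
        return UNLISTED                      # e.g. 12.1.x: not in the post
    first, last, fixed = FIXES[branch]
    base = ver4[:3]
    if not (first <= base <= last):
        return UNLISTED                      # e.g. 16.1.5: outside the listed range
    if ver4 < fixed[:4]:
        return AFFECTED                      # e.g. 16.1.3, 16.1.4, 17.1.0.2
    if ver4 > fixed[:4]:
        return UNLISTED                      # e.g. 16.1.4.2: newer than the post's fix
    # Exactly the fixed base release: the fix is the ENG hotfix build on top of it.
    return FIXED if parse_ints(build) >= fixed[4:] else HOTFIX_MISSING


def script_mitigation_ok(version):
    """True if F5's interim script may be used (post: only from 14.1.0 upwards)."""
    return parse_ints(version)[:3] >= (14, 1, 0)


def assess_tmsh(output):
    """Run assess() over the text of 'tmsh show sys version' (format assumed)."""
    fields = dict(TMSH_FIELDS.findall(output))
    if fields.get("Product") != "BIG-IP" or "Version" not in fields:
        raise ValueError("not a BIG-IP 'show sys version' output")
    return assess(fields["Version"], fields.get("Build", "0.0.0"))


# Constructed sample outputs (not captured from real devices).
SAMPLE_HOTFIXED = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.4.1
  Build       0.50.5
  Edition     Engineering Hotfix
"""
SAMPLE_BASE_ONLY = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.4.1
  Build       0.0.0
  Edition     Final
"""

if __name__ == "__main__":
    inventory = [("16.1.3", "0.0.0"), ("16.1.4.1", "0.50.5"),
                 ("16.1.4.1", "0.0.0"), ("17.1.0.2", "0.0.0"),
                 ("13.1.5", "0.0.0"), ("12.1.6", "0.0.0")]
    for ver, bld in inventory:
        print(f"{ver} build {bld}: {assess(ver, bld)}; "
              f"mitigation script allowed: {script_mitigation_ok(ver)}")
    print("tmsh sample (hotfixed):", assess_tmsh(SAMPLE_HOTFIXED))
    print("tmsh sample (base only):", assess_tmsh(SAMPLE_BASE_ONLY))
```

Anything newer than the fixed release in the post (16.1.4.2, 16.1.5 and so on) is reported as unlisted rather than safe, because the quoted table says nothing about it; confirm those against F5's advisory instead of assuming.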