

Frost & Sullivan Names Cyberint "Company of the Year" in External Risk Mitigation & Management Category
A critical vulnerability, known as CVE-2023-46747, has been discovered in the widely used F5 BIG-IP Configuration Utility. This vulnerability has been assigned a CVSS score of 9.8 (critical), denoting its high severity. What makes it particularly alarming is its potential to allow unauthenticated attackers to execute arbitrary system commands, which could lead to a compromise of the system. It’s important to note that, at the time of writing, Cyberint was able to find a proof-of-concept exploit of the vulnerability but not a real-world attack targeting CVE-2023-46747.
CVE-2023-46747 was discovered by security researchers who reported their findings to F5 on October 4. In response, F5 released security patches on October 26, 2023, urging organizations to apply these patches urgently.
Many organizations worldwide rely on F5 BIG-IP products to manage and secure their web traffic. Within the F5 BIG-IP system, the F5 Traffic Management User Interface (TMUI) plays a vital role. It functions as a graphical user interface (GUI) that offers users an intuitive platform for overseeing and monitoring the various functionalities of the BIG-IP system. The Traffic Management User Interface is the focal point of this vulnerability and has a history of security issues, including CVE-2022-1388 and CVE-2020-5902.
At the heart of this critical vulnerability lies a flaw in the Configuration Utility’s handling of HTTP requests. This flaw enables threat actors to bundle multiple HTTP requests into a single packet, thus bypassing authentication and executing arbitrary commands within the BIG-IP system. This impact extends across various BIG-IP modules, although BIG-IP Next products remain unaffected.
With a CVSS score of 9.8, CVE-2023-46747 enables unauthenticated attackers to execute commands as root users on vulnerable F5 BIG-IP systems. This authentication bypass issue can lead to a complete compromise of the victim’s system which might result in data theft, deploying of ransomware or any other type of malware, pivoting and targeting additional companies and even complete domain takeover.
Organizations that have not applied patches to their F5 BIG-IP products, especially those that have left the Traffic Management User Interface (TMUI) exposed to the internet, are at risk from this critical vulnerability.
The impacted BIG-IP versions encompass the following:
It is noteworthy that CVE-2023-46747 does not affect BIG-IP Next, BIG-IQ Centralized Management, F5 Distributed Cloud Services, F5OS, NGINX, and Traffix SDC products. Unsupported product versions that have reached their End of Life (EoL) have not undergone evaluation in relation to CVE-2023-46747, which leaves their vulnerability status undetermined.
Cyberint recommends mitigating the risk of CVE-2023-46747 by taking the following proactive measures:
By taking these steps, organizations can help to protect their F5 BIG-IP systems from unauthorized access and potential exploitation.
Vulnerability intelligence, tailored to your external attack surface. Focus your prioritization, maximize effectiveness of patching strategy and minimize exposure risk. Get a Demo.
Fill in your business email to start