CVE-2023-46747 — F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
2023-10-31 • CISA Known Exploited Vulnerability
[event] F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | F5 |
| Product | BIG-IP Configuration Utility |
| CWE | CWE-288 |
| CVE ID | CVE-2023-46747 |
| Date Added | 2023-10-31 |
| Due Date | 2023-11-21 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2023-11-21