F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP
F5, a security and application delivery solutions provider, has issued a warning to its customers about a critical-severity vulnerability in its BIG-IP product. The vulnerability, tracked as CVE-2023-46747, allows unauthenticated attackers to remotely execute arbitrary code. This vulnerability poses a significant risk as it allows attackers to gain full administrative privileges and execute commands as root on impacted BIG-IP systems.
Vulnerability Details
Praetorian Security, the company that identified the bug, describes CVE-2023-46747 as a request smuggling issue. It is closely related to another vulnerability (CVE-2022-26377) found in the Apache HTTP Server. Attackers can exploit this vulnerability to bypass authentication and execute arbitrary system commands. All BIG-IP systems with the Traffic Management User Interface exposed to the internet are affected.
Recommended Actions
According to F5, the issue is rooted in the configuration utility component. F5 has released hotfixes for all impacted versions (13.x through 17.x) of BIG-IP, as well as a shell script for versions 14.1.0 and later that mitigates the vulnerability. BIG-IP users should install these hotfixes as soon as possible and restrict access to the Traffic Management User Interface in the meantime.
Praetorian advises that the Traffic Management User Interface should not be accessible from the public internet. This additional precautionary measure can further reduce the risk of unauthorized access and potential exploitation of this vulnerability.
Vulnerability Impact
According to Praetorian, there are more than 6,000 internet-facing instances of the BIG-IP application, which puts them at risk of exploitation. Some of these instances belong to government entities and Fortune 500 companies, highlighting the potential impact of this vulnerability. However, F5 has not mentioned any reports of CVE-2023-46747 being exploited in malicious attacks.
Conclusion
CVE-2023-46747 is a critical-severity vulnerability that F5 BIG-IP users should address immediately. The ability for unauthenticated attackers to execute arbitrary code remotely poses a significant risk to organizations, especially those with internet-facing instances of BIG-IP. By promptly installing the available patches and restricting access to the Traffic Management User Interface, organizations can mitigate the risk and protect their systems from potential exploitation.
Disclaimer:
The information provided in this report is based on publicly available sources and is for informational purposes only. It is not intended as legal or professional advice. Organizations should consult with their IT and security teams to assess the impact of this vulnerability and determine appropriate remediation actions.