F5 warning customer: BIG-IP Vulnerability Allows Remote Code Execution

F5 warned customers about a serious security flaw in BIG-IP that may lead to unauthorized remote code execution. An issue has been identified in the configuration utility component. It is assigned the CVE identifier CVE-2023-46747 and has a CVSS score of 9.8 out of 10.

F5 has stated that an unauthenticated attacker with network access to the BIG-IP system may be able to execute arbitrary system commands. This vulnerability only affects the control plane, not the data plane.

The following versions of BIG-IP have been found to be vulnerable –

17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG)
16.1.0 – 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG)
15.1.0 – 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG)
14.1.0 – 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG)
13.1.0 – 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG)

F5 has provided a shell script for users of BIG-IP versions 14.1.0 and above as a mitigation. However, it should not be used on any BIG-IP version prior to 14.1.0 as it will cause the Configuration utility to not start.

Other temporary workarounds available for users are below –

• Block Configuration utility access through self IP addresses
• Block Configuration utility access through the management interface

To read read F5 Security Advisory click here.

ALSO READ:

CISCO Zero-Day Vulnerabilities exploitation in Bangladesh