Thursday, November 30, 2023

F5 warns customers: BIG-IP Vulnerability Allows Remote Code Execution

F5 has warned customers about a serious security flaw in BIG-IP that may lead to unauthorized remote code execution. The issue is in the configuration utility component. It has been assigned the CVE identifier CVE-2023-46747 and has a CVSS score of 9.8 out of 10.

F5 has stated that an unauthenticated attacker with network access to the BIG-IP system may be able to execute arbitrary system commands. This vulnerability only affects the control plane, not the data plane.

The following versions of BIG-IP have been found to be vulnerable –

17.1.0 (Fixed in + Hotfix-BIGIP-
16.1.0 – 16.1.4 (Fixed in + Hotfix-BIGIP-
15.1.0 – 15.1.10 (Fixed in + Hotfix-BIGIP-
14.1.0 – 14.1.5 (Fixed in + Hotfix-BIGIP-
13.1.0 – 13.1.5 (Fixed in + Hotfix-BIGIP-

F5 has provided a shell script for users of BIG-IP versions 14.1.0 and above as a mitigation. However, it should not be used on any BIG-IP version prior to 14.1.0 as it will cause the Configuration utility to not start.
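The version list and the mitigation-script restriction above can be turned into a quick inventory triage. The following is an added example, not F5's script or code from the advisory; the hostnames, the inventory format and the status labels are constructed for illustration, and the ranges are copied from this article as printed.

```python
# Added example (not F5 code). Ranges are inclusive and copied from the article.
VULNERABLE_RANGES = [
    ((17, 1, 0), (17, 1, 0)),
    ((16, 1, 0), (16, 1, 4)),
    ((15, 1, 0), (15, 1, 10)),
    ((14, 1, 0), (14, 1, 5)),
    ((13, 1, 0), (13, 1, 5)),
]
MITIGATION_MIN = (14, 1, 0)  # the mitigation script must not be run below this

# Constructed sample inventory: "<hostname> <version>" per line (hypothetical hosts).
SAMPLE_INVENTORY = """\
lb-edge-01 16.1.3.2
lb-core-02 13.1.5
lb-dmz-03 17.1.0
lb-old-04 12.1.6
lb-bad-05 unknown
"""

def parse_version(text):
    """'16.1.3.2' -> (16, 1, 3). Assumption: point releases are judged by their
    first three components, which errs toward flagging a system for review."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts[:3])

def triage(version_text):
    """Classify one version. This check sees only the version string, so
    'listed' means 'verify the hotfix is installed', not 'unpatched'."""
    v = parse_version(version_text)
    if not any(lo <= v <= hi for lo, hi in VULNERABLE_RANGES):
        return "not-listed"
    return "listed-script-ok" if v >= MITIGATION_MIN else "listed-no-script"

def triage_inventory(text):
    """Return {hostname: status}; malformed lines are reported, not dropped."""
    results = {}
    for fields in filter(None, (line.split() for line in text.splitlines())):
        try:
            results[fields[0]] = triage(fields[1])
        except (IndexError, ValueError):
            results[fields[0]] = "unparsed"
    return results

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Systems reported as `listed-no-script` fall in the 13.1.x range, where the mitigation script would stop the Configuration utility from starting, so they need the hotfix or another workaround instead.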

Other temporary workarounds available for users are below –

To read the F5 Security Advisory, click here.

