October 27, 2023 at 10:43AM
F5 has issued a warning to customers about a critical vulnerability in its BIG-IP product. The vulnerability, tracked as CVE-2023-46747, allows an unauthenticated attacker to remotely execute arbitrary code. The flaw is closely related to a request smuggling issue in the Apache HTTP Server and can be exploited to gain full administrative privileges. All BIG-IP systems with the Traffic Management User Interface exposed are affected, and F5 has released patches and a shell script to mitigate the issue. Users are advised to install patches and restrict access to the User Interface.
During the meeting, F5, a security and application delivery solutions provider, alerted customers to a critical vulnerability (CVE-2023-46747) in its BIG-IP product. This vulnerability, with a CVSS score of 9.8, affects the Traffic Management User Interface and allows unauthenticated attackers to remotely execute arbitrary code. F5 states that the vulnerability only affects the control plane and not the data plane.
The bug, identified by Praetorian Security, is a request smuggling issue that grants unauthenticated attackers full administrative privileges on a compromised BIG-IP system. It is closely related to CVE-2022-26377, a request smuggling flaw in the Apache HTTP Server, and can be exploited to bypass authentication and execute root commands.
All BIG-IP systems with an exposed Traffic Management User Interface accessible via the internet are vulnerable to this issue. F5 has released hotfixes for affected versions 13.x through 17.x and has provided a shell script to mitigate the issue in BIG-IP versions 14.1.0 and later.
Praetorian reports that over 6,000 internet-facing instances of the BIG-IP application are at risk, including those belonging to government entities and Fortune 500 companies. Technical details of the vulnerability will be disclosed once most BIG-IP users have installed the patches.
Users of BIG-IP are strongly advised to apply the available patches promptly and restrict access to the Traffic Management User Interface, ensuring it is not accessible from the public internet. Although F5 has not reported any known instances of CVE-2023-46747 being exploited, it is crucial to address the vulnerability to minimize risk.
For further information, please refer to F5’s advisory.