certfr_avis - CERTFR-2023-AVI-0897

CERTFR-2023-AVI-0897

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans F5 BIG-IP. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP versions 14.x antérieures à 14.1.5.6 avec le correctif Hotfix-BIGIP-14.1.5.6.0.10.6-ENG
F5	BIG-IP	BIG-IP versions 17.x antérieures à 17.1.0.3 avec le correctif Hotfix-BIGIP-17.1.0.3.0.75.4-ENG
F5	BIG-IP	BIG-IP versions 13.x antérieures à 13.1.5.1 avec le correctif Hotfix-BIGIP-13.1.5.1.0.20.2-ENG
F5	BIG-IP	BIG-IP versions 15.x antérieures à 15.1.10.2 avec le correctif Hotfix-BIGIP-15.1.10.2.0.44.2-ENG
F5	BIG-IP	BIG-IP versions 16.x antérieures à 16.1.4.1 avec le correctif Hotfix-BIGIP-16.1.4.1.0.50.5-ENG

References

Title

Publication Time

CVE-2023-46747 (GCVE-0-2023-46747)

Vulnerability from cvelistv5 – Published: 2023-10-26 20:04 – Updated: 2025-10-21 23:05

Summary

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

References

URL

Tags

	https://my.f5.com/manage/s/article/K000137353	vendor-advisory
	http://packetstormsecurity.com/files/175673/F5-BI…
	https://www.secpod.com/blog/f5-issues-warning-big…

Impacted products

	Vendor	Product	Version
	F5	BIG-IP	Affected: 17.1.0 , < * (semver) Affected: 16.1.0 , < * (semver) Affected: 15.1.0 , < * (semver) Affected: 14.1.0 , < * (semver) Affected: 13.1.0 , < * (semver)

Credits

F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:21.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000137353"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46747",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T22:07:47.164316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-31",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:33.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-31T00:00:00+00:00",
            "value": "CVE-2023-46747 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG.iso",
                  "status": "unaffected"
                },
                {
                  "at": "Hotfix-BIGIP-17.1.1.0.2.6-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "14.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "13.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2023-10-26T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cdiv\u003eUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated\u003c/span\u003e\u003c/div\u003e\u003c/span\u003e"
            }
          ],
          "value": "Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-16T01:59:49.829Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000137353"
        },
        {
          "url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"
        },
        {
          "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BIG-IP Configuration utility unauthenticated remote code execution vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2023-46747",
    "datePublished": "2023-10-26T20:04:53.929Z",
    "dateReserved": "2023-10-25T18:51:34.198Z",
    "dateUpdated": "2025-10-21T23:05:33.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted