
F5 BIG-IP remote code execution bug [CVE-2023-46747]

CVE number = CVE-2023-46747

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. There is no data plane exposure; this is a control plane issue only.

F5 has fixed this issue in an engineering hotfix that is available for versions of the BIG-IP system that have not yet reached End of Software Development. Customers affected by this issue can download the engineering hotfix from the MyF5 Downloads page.

Note: Software versions that have reached End of Technical Support (EoTS) are not evaluated.

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
