Security News > 2023 > October > F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution
2023-10-27 04:23

F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP


News URL

https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2023-46747 Missing Authentication for Critical Function vulnerability in F5 products
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-306
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 141 6 267 399 64 736