F5 Alerts Customers About Critical BIG-IP Vulnerability Allowing Unauthenticated Remote Code Execution

F5, a leading provider of application delivery and security services, has issued an alert to customers regarding a critical security vulnerability affecting its BIG-IP product. The vulnerability, found in the configuration utility component, could potentially allow unauthenticated remote code execution. F5 has assigned the identifier CVE-2023-46747 to this issue, which has been classified with a CVSS score of 9.8 out of a maximum of 10.

Vulnerability Description

The security flaw resides within the configuration utility component of the BIG-IP system. An attacker with network access to the BIG-IP system through the management port and/or self IP addresses could potentially exploit this vulnerability. By doing so, they could execute arbitrary system commands, posing a significant risk to the integrity and security of the affected system.

Impact of the Vulnerability

The consequences of the vulnerability are severe, as it allows unauthenticated remote code execution. Attackers leveraging this security flaw could execute arbitrary system commands on the compromised BIG-IP system. This scenario grants them unauthorized access, enabling them to manipulate the system and potentially cause extensive damage or extract sensitive information.

The following versions of the BIG-IP system have been identified as vulnerable to the security flaw: [List affected versions here]. Users operating these versions must take immediate action to address the issue.

Mitigations Offered by F5

To assist users in safeguarding their systems, F5 has released a shell script specifically designed for users running BIG-IP versions 14.1.0 and later. This script aims to mitigate the vulnerability. Additionally, F5 recommends the proactive approach of blocking configuration utility access through the management interface.

Discovery and Reporting

The vulnerability was discovered and reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. Their contribution in identifying and reporting this security flaw is crucial in enabling F5 to address the issue promptly.

Technical Description of the Vulnerability

Praetorian, a respected cybersecurity company, has provided a detailed technical report on the vulnerability, describing CVE-2023-46747 as an authentication bypass issue. Exploitation of this weakness has the potential to lead to a complete compromise of the F5 BIG-IP system, granting unauthorized access to attackers.

Praetorian recommends restricting access to the Traffic Management User Interface (TMUI) from the internet as an additional security measure. By limiting access to TMUI, potential attackers will have a harder time exploiting vulnerabilities in the interface.
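To check the self IP side of this recommendation, the following added example (not F5's mitigation script and not code from the original article) audits self IP port lockdown settings and flags any self IP that still accepts traffic to the configuration utility. It assumes input shaped like `tmsh list net self` output; the sample stanzas, names and addresses are constructed.

```python
import re

# Constructed sample shaped like `tmsh list net self` output; names and addresses are made up.
SAMPLE = """\
net self external_self {
    address 203.0.113.10/24
    allow-service {
        default
    }
    vlan external
}
net self internal_self {
    address 10.1.20.5/24
    vlan internal
}
net self ha_self {
    address 10.1.30.5/24
    allow-service {
        tcp:4353
        udp:1026
    }
}
net self dmz_self {
    address 198.51.100.7/24
    allow-service all
}
"""

# Assumption: TMUI answers on tcp/443 (8443 on single-NIC virtual editions).
TMUI_PORTS = {"443", "https", "8443"}

def exposed_self_ips(config):
    """Map self-IP name -> allow-service entry that lets TMUI traffic reach it."""
    findings = {}
    for stanza in re.finditer(r"^net self (\S+) \{\n(.*?)^\}", config, re.M | re.S):
        name, body = stanza.groups()
        allow = re.search(r"allow-service\s+(?:\{(.*?)\}|(\S+))", body, re.S)
        if not allow:
            continue  # assumption: no allow-service line means the default, 'none'
        for entry in (allow.group(1) or allow.group(2) or "").split():
            proto, _, port = entry.partition(":")
            # 'all' and 'default' both include tcp:443
            if entry in ("all", "default") or (proto == "tcp" and port in TMUI_PORTS):
                findings[name] = entry
    return findings

if __name__ == "__main__":
    for name, entry in exposed_self_ips(SAMPLE).items():
        print(f"{name}: allow-service {entry} exposes the configuration utility")
```

Self IPs reported here are candidates for a tighter port lockdown setting; the management interface itself is restricted separately.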

Previous vulnerabilities in TMUI

It is important to note that this is not the first time vulnerabilities have been discovered in TMUI. In the past, F5 has addressed other unauthenticated remote code execution flaws in this component, including CVE-2020-5902 and CVE-2022-1388. These instances highlight the critical need for continuous vigilance and prompt patching to protect against evolving threats.

The critical security vulnerability affecting BIG-IP underscores the importance of prompt security measures and heightened awareness. Users must ensure that they install the necessary updates and employ recommended mitigations to minimize the risk of compromise. By staying proactive and following the guidance from F5 and security researchers, organizations can enhance their resilience to such threats and protect their valuable systems and data.
