F5, a leading provider of application delivery and security services, has issued an alert to customers regarding a critical security vulnerability affecting its BIG-IP product. The vulnerability, found in the configuration utility component, could potentially allow unauthenticated remote code execution. F5 has assigned the identifier CVE-2023-46747 to this issue, which has been classified with a CVSS score of 9.8 out of a maximum of 10.
Vulnerability Description
The security flaw resides within the configuration utility component of the BIG-IP system. An attacker with network access to the BIG-IP system through the management port and/or self IP addresses could potentially exploit this vulnerability. By doing so, they could execute arbitrary system commands, posing a significant risk to the integrity and security of the affected system.
Impact of the Vulnerability
The consequences of the vulnerability are severe, as it allows unauthenticated remote code execution. Attackers leveraging this security flaw could execute arbitrary system commands on the compromised BIG-IP system. This scenario grants them unauthorized access, enabling them to manipulate the system and potentially cause extensive damage or extract sensitive information.
The following versions of the BIG-IP system have been identified as vulnerable to the security flaw: [List affected versions here]. Users operating these versions must take immediate action to address the issue.
Mitigations Offered by F5
To assist users in safeguarding their systems, F5 has released a shell script specifically designed for users running BIG-IP versions 14.1.0 and later. This script aims to mitigate the vulnerability. Additionally, F5 recommends the proactive approach of blocking configuration utility access through the management interface.
Discovery and Reporting
The vulnerability was discovered and reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. Their contribution in identifying and reporting this security flaw is crucial in enabling F5 to address the issue promptly.
Technical Description of the Vulnerability
Praetorian, a respected cybersecurity company, has provided a detailed technical report on the vulnerability, describing CVE-2023-46747 as an authentication bypass issue. Exploitation of this weakness has the potential to lead to a complete compromise of the F5 BIG-IP system, granting unauthorized access to attackers.
Praetorian recommends restricting access to the Traffic Management User Interface (TMUI) from the internet as an additional security measure. By limiting access to TMUI, potential attackers will have a harder time exploiting vulnerabilities in the interface.
Previous vulnerabilities in TMUI
It is important to note that this is not the first time vulnerabilities have been discovered in TMUI. In the past, F5 has addressed other unauthenticated remote code execution flaws in this component, including CVE-2020-5902 and CVE-2022-1388. These instances highlight the critical need for continuous vigilance and prompt patching to protect against evolving threats.
The critical security vulnerability affecting BIG-IP underscores the importance of prompt security measures and heightened awareness. Users must ensure that they install the necessary updates and employ recommended mitigations to minimize the risk of compromise. By staying proactive and following the guidance from F5 and security researchers, organizations can enhance their resilience to such threats and protect their valuable systems and data.