F5 Alerts Customers About Critical Security Vulnerability in BIG-IP: Unauthenticated Remote Code Execution Exploitable

F5, a leading provider of application delivery and security services, has issued an alert to customers regarding a critical security vulnerability affecting its BIG-IP product. The vulnerability, found in the configuration utility component, could potentially allow unauthenticated remote code execution. F5 has assigned the identifier CVE-2023-46747 to this issue, which has been classified with a CVSS score of 9.8 out of a maximum of 10.

Vulnerability Description

The security flaw resides within the configuration utility component of the BIG-IP system. An attacker with network access to the BIG-IP system through the management port and/or self IP addresses could potentially exploit this vulnerability. By doing so, they could execute arbitrary system commands, posing a significant risk to the integrity and security of the affected system.

Impact of the Vulnerability

The consequences of the vulnerability are severe, as it allows unauthenticated remote code execution. Attackers leveraging this security flaw could execute arbitrary system commands on the compromised BIG-IP system. This scenario grants them unauthorized access, enabling them to manipulate the system and potentially cause extensive damage or extract sensitive information.

The following versions of the BIG-IP system have been identified as vulnerable to the security flaw: [List affected versions here]. Users operating these versions must take immediate action to address the issue.

Mitigations Offered by F5

To assist users in safeguarding their systems, F5 has released a shell script specifically designed for users running BIG-IP versions 14.1.0 and later. This script aims to mitigate the vulnerability. Additionally, F5 recommends the proactive approach of blocking configuration utility access through the management interface.

Discovery and Reporting

The vulnerability was discovered and reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. Their contribution in identifying and reporting this security flaw is crucial in enabling F5 to address the issue promptly.

Technical Description of the Vulnerability

Praetorian, a respected cybersecurity company, has provided a detailed technical report on the vulnerability, describing CVE-2023-46747 as an authentication bypass issue. Exploitation of this weakness has the potential to lead to a complete compromise of the F5 BIG-IP system, granting unauthorized access to attackers.

Praetorian recommends restricting access to the Traffic Management User Interface (TMUI) from the internet as an additional security measure. By limiting access to TMUI, potential attackers will have a harder time exploiting vulnerabilities in the interface.

Previous vulnerabilities in TMUI

It is important to note that this is not the first time vulnerabilities have been discovered in TMUI. In the past, F5 has addressed other unauthenticated remote code execution flaws in this component, including CVE-2020-5902 and CVE-2022-1388. These instances highlight the critical need for continuous vigilance and prompt patching to protect against evolving threats.

The critical security vulnerability affecting BIG-IP underscores the importance of prompt security measures and heightened awareness. Users must ensure that they install the necessary updates and employ recommended mitigations to minimize the risk of compromise. By staying proactive and following the guidance from F5 and security researchers, organizations can enhance their resilience to such threats and protect their valuable systems and data.

Explore more

UK’s 5G Networks Lag Behind Europe in Quality and Coverage

In 2025, a digital challenge hovers over the UK as the nation grapples with underwhelming 5G network performance compared to its European counterparts. Recent analyses from MedUX, a firm specializing in mobile network assessment, have uncovered significant discrepancies between the UK’s target for 5G accessibility and real-world consumer experiences. While theoretical models predict widespread reach, everyday exchanges suggest a different

Shared 5G Standalone Spectrum – Review

The advent of 5G technology has revolutionized telecommunications by ushering in a new era of connectivity. Among these innovations, shared 5G Standalone (SA) spectrum emerges as a novel approach to address increasing data demands. With mobile data usage anticipated to rise to 54 GB per month by 2030, mainly due to indoor consumption, shared 5G SA spectrum represents a significant

How Does Magnati-RAKBANK Partnership Empower UAE SMEs?

The landscape for small and medium-sized enterprises (SMEs) in the UAE is witnessing a paradigm shift. Facing obstacles in accessing finance, SMEs now have a lifeline through the strategic alliance between Magnati and RAKBANK. This collaboration emerges as a pivotal force in transforming financial accessibility, employing advanced embedded finance services tailored to SMEs’ unique needs. It’s a partnership set to

How Does Azure Revolutionize Digital Transformation?

In today’s fast-paced digital era, businesses must swiftly adapt to remain competitive in the ever-evolving technological landscape. The concept of digital transformation has become essential for organizations seeking to integrate advanced technologies into their operations. One key player facilitating this transformation is Microsoft Azure, a cloud platform that’s enabling businesses across various sectors to modernize, scale, and innovate effectively. Through

Digital Transformation Boosts Efficiency in Water Utilities

In a world where water is increasingly scarce, the urgency for efficient water management has never been greater. The global water utilities sector, responsible for supplying this vital resource, is facing significant challenges. As demand is projected to surpass supply by 40% within the next decade, water utilities worldwide struggle with inefficiencies and high water loss, averaging losses of one-third