[CVSS 9+] F5 Warns of Critical BIG-IP Vulnerability

What Happened

F5 has identified a critical vulnerability (CVE-2023-46747) in BIG-IP, potentially allowing unauthenticated remote code execution. The flaw has a CVSS score of 9.8.

The flaw lies in the configuration utility, the Traffic Management User Interface (TMUI). An unauthenticated attacker with network access to the TMUI can use it to execute arbitrary system commands on the BIG-IP system. It is a control plane issue only, with no data plane exposure; on its own it therefore does not lead to unauthorised data access, data leakage, or other data-related security issues.

Praetorian, who discovered the issue, reported it on October 4, 2023.

Please note that it resembles the earlier TMUI vulnerabilities CVE-2020-5902 and CVE-2022-1388, which could result in complete system compromise if exploited.

Recommendations

F5 has released fixes for the affected versions and has provided a shell script that applies a mitigation on versions 14.1.0 and later. Temporary workarounds, and restricting access to the Traffic Management User Interface, are also advised.

Please refer to F5’s advisory for more details.

Organisations using BIG-IP are urged to study the advisory and follow the instructions provided by F5.
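The triage helper below is an added example, not part of the original post and not F5's own tooling. It turns the recommendations above into a repeatable check over a device inventory: the mitigation script is only applicable on 14.1.0 and later, and any TMUI reachable from outside the management network should be restricted regardless of version. The inventory records, the `tmui_exposure` field and its values are constructed for illustration; the page does not list which releases are affected or fixed, so the example treats every device as needing a patch decision and defers the exact fixed release to F5's advisory.

```python
"""Triage a BIG-IP inventory against the CVE-2023-46747 guidance summarised above.

Assumptions (not from the advisory): the inventory format, the
`tmui_exposure` values and the action wording are constructed for this example.
"""
from dataclasses import dataclass


def parse_version(version: str) -> tuple:
    """Turn a BIG-IP version string such as '16.1.3.1' into a comparable tuple.

    Short strings are padded with zeros ('13.1' -> (13, 1, 0, 0)) so that
    comparisons between releases with different component counts are uniform.
    """
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (4 - len(parts))


# From the advisory summary: F5's mitigation script covers 14.1.0 and later.
MITIGATION_SCRIPT_MIN = parse_version("14.1.0")

# Constructed exposure classes for the TMUI / configuration utility.
# Anything other than "management-only" is treated as over-exposed.
SAFE_EXPOSURE = "management-only"


@dataclass
class BigIp:
    name: str
    version: str
    tmui_exposure: str  # constructed: "management-only", "internal" or "internet"


def triage(device: BigIp) -> dict:
    """Classify one device and list the defender actions it needs."""
    script_applicable = parse_version(device.version) >= MITIGATION_SCRIPT_MIN
    restrict_tmui = device.tmui_exposure != SAFE_EXPOSURE

    actions = ["Upgrade to the fixed release named in F5's advisory (placeholder: see advisory)."]
    if script_applicable:
        actions.append("Interim: run F5's mitigation script (version is 14.1.0 or later).")
    else:
        actions.append("Mitigation script not applicable (pre-14.1.0): rely on upgrade and access restriction.")
    if restrict_tmui:
        actions.append(
            f"TMUI is reachable from '{device.tmui_exposure}': restrict access to the management network now."
        )

    return {
        "name": device.name,
        "version": device.version,
        "script_applicable": script_applicable,
        "restrict_tmui": restrict_tmui,
        "actions": actions,
    }


def triage_inventory(devices: list) -> list:
    """Triage every device, most urgent first (exposed TMUI and no script coverage)."""
    results = [triage(d) for d in devices]
    results.sort(key=lambda r: (not r["restrict_tmui"], r["script_applicable"], r["name"]))
    return results


# Constructed sample inventory (hostnames, versions and exposure are illustrative).
SAMPLE_INVENTORY = [
    BigIp("lb-edge-01", "16.1.3.1", "internet"),
    BigIp("lb-core-02", "13.1.5", "internal"),
    BigIp("lb-lab-03", "14.1.0", "management-only"),
]


if __name__ == "__main__":
    for result in triage_inventory(SAMPLE_INVENTORY):
        print(f"{result['name']} ({result['version']})")
        for action in result["actions"]:
            print(f"  - {action}")
```

Feeding the output of a real inventory export into `triage_inventory` gives a prioritised worklist: exposed devices that cannot take the script sort to the top, and devices already confined to the management network with the script available sort to the bottom.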


©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.