Vulnerability Watch

scaveza
Product Team
2 years ago

CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP

On October 25, Praetorian published a blog post warning of a newly discovered vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to execute code on affected devices. Their initial blog post indicated that BIG-IP instances that exposed the Traffic Management User Interface (TMUI) were at risk and that exploitation of the vulnerability would allow “full administrative privileges.”

On October 26, F5 published a security advisory for the vulnerability along with a CVE identifier, CVE-2023-46747, while Praetorian published another blog post describing how they identified the vulnerability with some limited technical details. Praetorian notes that additional details will be released at a later date to ensure affected users have adequate time to patch.

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication.

With historical exploitation and targeting of F5 BIG-IP instances, we strongly recommend patching for this vulnerability as soon as possible.

For more information about this vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.