Buckle Up for a Wild Cybersecurity Ride: Unmasking the Infamous CVE-2023-46747

Say hello to CVE-2023-46747, the latest F5 BIG-IP vulnerability. Like an uninvited house guest, this flaw lets any hacker tap dance through your security, all while you’re blissfully unaware. So, if your TMUI is catching some online rays, it’s high time you slammed that door shut. Let’s dive into this cybersecurity sitcom!

Hot Take:

Get ready to put on your best shocked face, folks! A new critical vulnerability, luxuriously dubbed CVE-2023-46747, has popped up in the F5 BIG-IP configuration utility. This sneaky pest allows any Tom, Dick, or Hacker with remote access to the utility to execute code on the device without authenticating. In layman’s terms? It’s like leaving your front door wide open with a sign saying “Rob me, I’m not home!” The vulnerability doesn’t impact everyone, just those with the Traffic Management User Interface (TMUI) hanging out on the internet. So, let’s pull up a chair, grab some popcorn, and dive into this cybersecurity soap opera.

Key Points:

  • The vulnerability, known as CVE-2023-46747, allows an attacker with remote access to the F5 BIG-IP configuration utility to execute code remotely without authenticating.
  • This flaw has been rated “critical” with a CVSS v3.1 score of 9.8, as it can be exploited in low-complexity attacks.
  • The flaw only affects devices with the TMUI exposed to the internet.
  • Affected BIG-IP versions run from the 17.x branch (17.1.0) down to the 13.x branch (13.1.0 – 13.1.5).
  • Unsupported product versions that have reached the end of life (EoL) have not been evaluated against this vulnerability.

Need to know more?

Who Found the Trouble in Paradise?

Our heroic duo from Praetorian Security, Thomas Hendrickson and Michael Weber, discovered this nasty bug. They blew the whistle to the vendor on October 5, 2023, and technical details about CVE-2023-46747 were shared. The researchers are keeping the full exploitation details under wraps until system patching picks up speed.

F5 to the Rescue

F5 confirmed the vulnerability on October 12 and released a security update along with an advisory on October 26, 2023. The recommended BIG-IP update versions that address the vulnerability range from 17.1.0.3 to 13.1.5.1.

DIY Mitigation

For those administrators who can't apply the security update, F5 provided a script in the advisory to help mitigate the problem. There's a catch though; the script is only suitable for BIG-IP versions 14.1.0 and later. Also, if you're using a FIPS 140-2 Compliant Mode license, tread cautiously. The mitigation script can trigger FIPS integrity check failures.

Who Should Be Worried?

If you're a government, Fortune 500 firm, bank, service provider, or major consumer brand using F5 BIG-IP devices, it's time to get your act together. Apply those fixes or mitigations pronto! Also, a friendly reminder from Praetorian: Don't expose your Traffic Management User Interface to the internet. Past experiences have shown that doing so can lead to device wiping and unwanted network access.