First published: Thu Oct 26 2023(Updated: )
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.
Credit: f5sirt@f5.com f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP and BIG-IQ Centralized Management | >=17.1.0<=17.1.1 | 17.1.1.1 |
F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0<=16.1.4 | 16.1.4.2 |
F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0<=15.1.10 | 15.1.10.3 |
F5 BIG-IP and BIG-IQ Centralized Management | >=14.1.0<=14.1.5 | 14.1.5.6 |
F5 BIG-IP and BIG-IQ Centralized Management | >=13.1.0<=13.1.5 | 13.1.5.1 |
F5 BIG-IP Configuration Utility | ||
F5 Access Policy Manager | >=13.1.0<=13.1.5 | |
F5 Access Policy Manager | >=14.1.0<=14.1.5 | |
F5 Access Policy Manager | >=15.1.0<=15.1.10 | |
F5 Access Policy Manager | >=16.1.0<=16.1.4 | |
F5 Access Policy Manager | >=17.1.0<=17.1.1 | |
F5 BIG-IP Advanced Firewall Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Advanced Firewall Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Advanced Firewall Manager | >=15.1.0<=15.1.10 | |
F5 BIG-IP Advanced Firewall Manager | >=16.1.0<=16.1.4 | |
F5 BIG-IP Advanced Firewall Manager | >=17.1.0<=17.1.1 | |
F5 BIG-IP Advanced WAF/ASM | >=13.1.0<=13.1.5 | |
F5 BIG-IP Advanced WAF/ASM | >=14.1.0<=14.1.5 | |
F5 BIG-IP Advanced WAF/ASM | >=15.1.0<=15.1.10 | |
F5 BIG-IP Advanced WAF/ASM | >=16.1.0<=16.1.4 | |
F5 BIG-IP Advanced WAF/ASM | >=17.1.0<=17.1.1 | |
F5 BIG-IP Carrier-Grade NAT | >=13.1.0<=13.1.5 | |
F5 BIG-IP Carrier-Grade NAT | >=14.1.0<=14.1.5 | |
F5 BIG-IP Carrier-Grade NAT | >=15.1.0<=15.1.10 | |
F5 BIG-IP Carrier-Grade NAT | >=16.1.0<=16.1.4 | |
F5 BIG-IP Carrier-Grade NAT | >=17.1.0<=17.1.1 | |
F5 BIG-IP DDoS Hybrid Defender | >=13.1.0<=13.1.5 | |
F5 BIG-IP DDoS Hybrid Defender | >=14.1.0<=14.1.5 | |
F5 BIG-IP DDoS Hybrid Defender | >=15.1.0<=15.1.10 | |
F5 BIG-IP DDoS Hybrid Defender | >=16.1.0<=16.1.4 | |
F5 BIG-IP DDoS Hybrid Defender | >=17.1.0<=17.1.1 | |
F5 BIG-IP SSL Orchestrator | >=13.1.0<=13.1.5 | |
F5 BIG-IP SSL Orchestrator | >=14.1.0<=14.1.5 | |
F5 BIG-IP SSL Orchestrator | >=15.1.0<=15.1.10 | |
F5 BIG-IP SSL Orchestrator | >=16.1.0<=16.1.4 | |
F5 BIG-IP SSL Orchestrator | >=17.1.0<=17.1.1 | |
F5 BIG-IP | >=13.1.0<=13.1.5 | |
F5 BIG-IP | >=14.1.0<=14.1.5 | |
F5 BIG-IP | >=15.1.0<=15.1.10 | |
F5 BIG-IP | >=16.1.0<=16.1.4 | |
F5 BIG-IP | >=17.1.0<=17.1.1 | |
Riverbed SteelApp Traffic Manager | >=13.1.0<=13.1.5 | |
Riverbed SteelApp Traffic Manager | >=14.1.0<=14.1.5 | |
Riverbed SteelApp Traffic Manager | >=15.1.0<=15.1.10 | |
Riverbed SteelApp Traffic Manager | >=16.1.0<=16.1.4 | |
Riverbed SteelApp Traffic Manager | >=17.1.0<=17.1.1 | |
F5 BIG-IP Policy Enforcement Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Policy Enforcement Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Policy Enforcement Manager | >=15.1.0<=15.1.10 | |
F5 BIG-IP Policy Enforcement Manager | >=16.1.0<=16.1.4 | |
F5 BIG-IP Policy Enforcement Manager | >=17.1.0<=17.1.1 | |
F5 BIG-IP Automation Toolchain | >=13.1.0<=13.1.5 | |
F5 BIG-IP Automation Toolchain | >=14.1.0<=14.1.5 | |
F5 BIG-IP Automation Toolchain | >=15.1.0<=15.1.10 | |
F5 BIG-IP Automation Toolchain | >=16.1.0<=16.1.4 | |
F5 BIG-IP Automation Toolchain | >=17.1.0<=17.1.1 | |
F5 BIG-IP Container Ingress Services | >=13.1.0<=13.1.5 | |
F5 BIG-IP Container Ingress Services | >=14.1.0<=14.1.5 | |
F5 BIG-IP Container Ingress Services | >=15.1.0<=15.1.10 | |
F5 BIG-IP Container Ingress Services | >=16.1.0<=16.1.4 | |
F5 BIG-IP Container Ingress Services | >=17.1.0<=17.1.1 | |
F5 Application Security Manager | >=13.1.0<=13.1.5 | |
F5 Application Security Manager | >=14.1.0<=14.1.5 | |
F5 Application Security Manager | >=15.1.0<=15.1.10 | |
F5 Application Security Manager | >=16.1.0<=16.1.4 | |
F5 Application Security Manager | >=17.1.0<=17.1.1 | |
F5 BIG-IP Analytics | >=13.1.0<=13.1.5 | |
F5 BIG-IP Analytics | >=14.1.0<=14.1.5 | |
F5 BIG-IP Analytics | >=15.1.0<=15.1.10 | |
F5 BIG-IP Analytics | >=16.1.0<=16.1.4 | |
F5 BIG-IP Analytics | >=17.1.0<=17.1.1 | |
F5 BIG-IP Application Acceleration Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Application Acceleration Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Application Acceleration Manager | >=15.1.0<=15.1.10 | |
F5 BIG-IP Application Acceleration Manager | >=16.1.0<=16.1.4 | |
F5 BIG-IP Application Acceleration Manager | >=17.1.0<=17.1.1 | |
F5 BIG-IP Application Visibility and Reporting | >=13.1.0<=13.1.5 | |
F5 BIG-IP Application Visibility and Reporting | >=14.1.0<=14.1.5 | |
F5 BIG-IP Application Visibility and Reporting | >=15.1.0<=15.1.10 | |
F5 BIG-IP Application Visibility and Reporting | >=16.1.0<=16.1.4 | |
F5 BIG-IP Application Visibility and Reporting | >=17.1.0<=17.1.1 | |
F5 BIG-IP Fraud Protection Service | >=13.1.0<=13.1.5 | |
F5 BIG-IP Fraud Protection Service | >=14.1.0<=14.1.5 | |
F5 BIG-IP Fraud Protection Service | >=15.1.0<=15.1.10 | |
F5 BIG-IP Fraud Protection Service | >=16.1.0<=16.1.4 | |
F5 BIG-IP Fraud Protection Service | >=17.1.0<=17.1.1 | |
Riverbed SteelApp Traffic Manager | >=13.1.0<=13.1.5 | |
Riverbed SteelApp Traffic Manager | >=14.1.0<=14.1.5 | |
Riverbed SteelApp Traffic Manager | >=15.1.0<=15.1.10 | |
Riverbed SteelApp Traffic Manager | >=16.1.0<=16.1.4 | |
Riverbed SteelApp Traffic Manager | >=17.1.0<=17.1.1 | |
F5 BIG-IP Link Controller | >=13.1.0<=13.1.5 | |
F5 BIG-IP Link Controller | >=14.1.0<=14.1.5 | |
F5 BIG-IP Link Controller | >=15.1.0<=15.1.10 | |
F5 BIG-IP Link Controller | >=16.1.0<=16.1.4 | |
F5 BIG-IP Link Controller | >=17.1.0<=17.1.1 | |
F5 BIG-IP WebAccelerator | >=13.1.0<=13.1.5 | |
F5 BIG-IP WebAccelerator | >=14.1.0<=14.1.5 | |
F5 BIG-IP WebAccelerator | >=15.1.0<=15.1.10 | |
F5 BIG-IP WebAccelerator | >=16.1.0<=16.1.4 | |
F5 BIG-IP WebAccelerator | >=17.1.0<=17.1.1 | |
F5 WebSafe | >=13.1.0<=13.1.5 | |
F5 WebSafe | >=14.1.0<=14.1.5 | |
F5 WebSafe | >=15.1.0<=15.1.10 | |
F5 WebSafe | >=16.1.0<=16.1.4 | |
F5 WebSafe | >=17.1.0<=17.1.1 |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-46747 is a vulnerability in the BIG-IP Configuration utility that allows unauthenticated remote code execution.
CVE-2023-46747 has a severity rating of 9.8 (Critical).
The F5 BIG-IP Configuration utility is affected by CVE-2023-46747.
No, CVE-2023-46747 allows an attacker to bypass authentication and execute code without authentication.
To fix CVE-2023-46747, update the BIG-IP Configuration utility to the latest version provided by F5.