What is CVE-2023-46747?

CVE-2023-46747 is a vulnerability in the BIG-IP Configuration utility that allows unauthenticated remote code execution.

How severe is CVE-2023-46747?

CVE-2023-46747 has a severity rating of 9.8 (Critical).

What software is affected by CVE-2023-46747?

The F5 BIG-IP Configuration utility is affected by CVE-2023-46747.

Is authentication required for exploitation of CVE-2023-46747?

No, CVE-2023-46747 allows an attacker to bypass authentication and execute code without authentication.

How can I fix CVE-2023-46747?

To fix CVE-2023-46747, update the BIG-IP Configuration utility to the latest version provided by F5.

Vulnerability/
CVE-2023-46747

Exploited

critical

9.8

CWE

288 306 22

26/10/2023

2/4/2025

CVE-2023-46747: BIG-IP Configuration utility unauthenticated remote code execution vulnerability

First published: Thu Oct 26 2023(Updated: )

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

Credit: f5sirt@f5.com f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP and BIG-IQ Centralized Management	>=17.1.0<=17.1.1	17.1.1.1
F5 BIG-IP and BIG-IQ Centralized Management	>=16.1.0<=16.1.4	16.1.4.2
F5 BIG-IP and BIG-IQ Centralized Management	>=15.1.0<=15.1.10	15.1.10.3
F5 BIG-IP and BIG-IQ Centralized Management	>=14.1.0<=14.1.5	14.1.5.6
F5 BIG-IP and BIG-IQ Centralized Management	>=13.1.0<=13.1.5	13.1.5.1
F5 BIG-IP Configuration Utility
F5 Access Policy Manager	>=13.1.0<=13.1.5
F5 Access Policy Manager	>=14.1.0<=14.1.5
F5 Access Policy Manager	>=15.1.0<=15.1.10
F5 Access Policy Manager	>=16.1.0<=16.1.4
F5 Access Policy Manager	>=17.1.0<=17.1.1
F5 BIG-IP Advanced Firewall Manager	>=13.1.0<=13.1.5
F5 BIG-IP Advanced Firewall Manager	>=14.1.0<=14.1.5
F5 BIG-IP Advanced Firewall Manager	>=15.1.0<=15.1.10
F5 BIG-IP Advanced Firewall Manager	>=16.1.0<=16.1.4
F5 BIG-IP Advanced Firewall Manager	>=17.1.0<=17.1.1
F5 BIG-IP Advanced WAF/ASM	>=13.1.0<=13.1.5
F5 BIG-IP Advanced WAF/ASM	>=14.1.0<=14.1.5
F5 BIG-IP Advanced WAF/ASM	>=15.1.0<=15.1.10
F5 BIG-IP Advanced WAF/ASM	>=16.1.0<=16.1.4
F5 BIG-IP Advanced WAF/ASM	>=17.1.0<=17.1.1
F5 BIG-IP Carrier-Grade NAT	>=13.1.0<=13.1.5
F5 BIG-IP Carrier-Grade NAT	>=14.1.0<=14.1.5
F5 BIG-IP Carrier-Grade NAT	>=15.1.0<=15.1.10
F5 BIG-IP Carrier-Grade NAT	>=16.1.0<=16.1.4
F5 BIG-IP Carrier-Grade NAT	>=17.1.0<=17.1.1
F5 BIG-IP DDoS Hybrid Defender	>=13.1.0<=13.1.5
F5 BIG-IP DDoS Hybrid Defender	>=14.1.0<=14.1.5
F5 BIG-IP DDoS Hybrid Defender	>=15.1.0<=15.1.10
F5 BIG-IP DDoS Hybrid Defender	>=16.1.0<=16.1.4
F5 BIG-IP DDoS Hybrid Defender	>=17.1.0<=17.1.1
F5 BIG-IP SSL Orchestrator	>=13.1.0<=13.1.5
F5 BIG-IP SSL Orchestrator	>=14.1.0<=14.1.5
F5 BIG-IP SSL Orchestrator	>=15.1.0<=15.1.10
F5 BIG-IP SSL Orchestrator	>=16.1.0<=16.1.4
F5 BIG-IP SSL Orchestrator	>=17.1.0<=17.1.1
F5 BIG-IP	>=13.1.0<=13.1.5
F5 BIG-IP	>=14.1.0<=14.1.5
F5 BIG-IP	>=15.1.0<=15.1.10
F5 BIG-IP	>=16.1.0<=16.1.4
F5 BIG-IP	>=17.1.0<=17.1.1
Riverbed SteelApp Traffic Manager	>=13.1.0<=13.1.5
Riverbed SteelApp Traffic Manager	>=14.1.0<=14.1.5
Riverbed SteelApp Traffic Manager	>=15.1.0<=15.1.10
Riverbed SteelApp Traffic Manager	>=16.1.0<=16.1.4
Riverbed SteelApp Traffic Manager	>=17.1.0<=17.1.1
F5 BIG-IP Policy Enforcement Manager	>=13.1.0<=13.1.5
F5 BIG-IP Policy Enforcement Manager	>=14.1.0<=14.1.5
F5 BIG-IP Policy Enforcement Manager	>=15.1.0<=15.1.10
F5 BIG-IP Policy Enforcement Manager	>=16.1.0<=16.1.4
F5 BIG-IP Policy Enforcement Manager	>=17.1.0<=17.1.1
F5 BIG-IP Automation Toolchain	>=13.1.0<=13.1.5
F5 BIG-IP Automation Toolchain	>=14.1.0<=14.1.5
F5 BIG-IP Automation Toolchain	>=15.1.0<=15.1.10
F5 BIG-IP Automation Toolchain	>=16.1.0<=16.1.4
F5 BIG-IP Automation Toolchain	>=17.1.0<=17.1.1
F5 BIG-IP Container Ingress Services	>=13.1.0<=13.1.5
F5 BIG-IP Container Ingress Services	>=14.1.0<=14.1.5
F5 BIG-IP Container Ingress Services	>=15.1.0<=15.1.10
F5 BIG-IP Container Ingress Services	>=16.1.0<=16.1.4
F5 BIG-IP Container Ingress Services	>=17.1.0<=17.1.1
F5 Application Security Manager	>=13.1.0<=13.1.5
F5 Application Security Manager	>=14.1.0<=14.1.5
F5 Application Security Manager	>=15.1.0<=15.1.10
F5 Application Security Manager	>=16.1.0<=16.1.4
F5 Application Security Manager	>=17.1.0<=17.1.1
F5 BIG-IP Analytics	>=13.1.0<=13.1.5
F5 BIG-IP Analytics	>=14.1.0<=14.1.5
F5 BIG-IP Analytics	>=15.1.0<=15.1.10
F5 BIG-IP Analytics	>=16.1.0<=16.1.4
F5 BIG-IP Analytics	>=17.1.0<=17.1.1
F5 BIG-IP Application Acceleration Manager	>=13.1.0<=13.1.5
F5 BIG-IP Application Acceleration Manager	>=14.1.0<=14.1.5
F5 BIG-IP Application Acceleration Manager	>=15.1.0<=15.1.10
F5 BIG-IP Application Acceleration Manager	>=16.1.0<=16.1.4
F5 BIG-IP Application Acceleration Manager	>=17.1.0<=17.1.1
F5 BIG-IP Application Visibility and Reporting	>=13.1.0<=13.1.5
F5 BIG-IP Application Visibility and Reporting	>=14.1.0<=14.1.5
F5 BIG-IP Application Visibility and Reporting	>=15.1.0<=15.1.10
F5 BIG-IP Application Visibility and Reporting	>=16.1.0<=16.1.4
F5 BIG-IP Application Visibility and Reporting	>=17.1.0<=17.1.1
F5 BIG-IP Fraud Protection Service	>=13.1.0<=13.1.5
F5 BIG-IP Fraud Protection Service	>=14.1.0<=14.1.5
F5 BIG-IP Fraud Protection Service	>=15.1.0<=15.1.10
F5 BIG-IP Fraud Protection Service	>=16.1.0<=16.1.4
F5 BIG-IP Fraud Protection Service	>=17.1.0<=17.1.1
Riverbed SteelApp Traffic Manager	>=13.1.0<=13.1.5
Riverbed SteelApp Traffic Manager	>=14.1.0<=14.1.5
Riverbed SteelApp Traffic Manager	>=15.1.0<=15.1.10
Riverbed SteelApp Traffic Manager	>=16.1.0<=16.1.4
Riverbed SteelApp Traffic Manager	>=17.1.0<=17.1.1
F5 BIG-IP Link Controller	>=13.1.0<=13.1.5
F5 BIG-IP Link Controller	>=14.1.0<=14.1.5
F5 BIG-IP Link Controller	>=15.1.0<=15.1.10
F5 BIG-IP Link Controller	>=16.1.0<=16.1.4
F5 BIG-IP Link Controller	>=17.1.0<=17.1.1
F5 BIG-IP WebAccelerator	>=13.1.0<=13.1.5
F5 BIG-IP WebAccelerator	>=14.1.0<=14.1.5
F5 BIG-IP WebAccelerator	>=15.1.0<=15.1.10
F5 BIG-IP WebAccelerator	>=16.1.0<=16.1.4
F5 BIG-IP WebAccelerator	>=17.1.0<=17.1.1
F5 WebSafe	>=13.1.0<=13.1.5
F5 WebSafe	>=14.1.0<=14.1.5
F5 WebSafe	>=15.1.0<=15.1.10
F5 WebSafe	>=16.1.0<=16.1.4
F5 WebSafe	>=17.1.0<=17.1.1

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-46747?
CVE-2023-46747 is a vulnerability in the BIG-IP Configuration utility that allows unauthenticated remote code execution.
How severe is CVE-2023-46747?
CVE-2023-46747 has a severity rating of 9.8 (Critical).
What software is affected by CVE-2023-46747?
The F5 BIG-IP Configuration utility is affected by CVE-2023-46747.
Is authentication required for exploitation of CVE-2023-46747?
No, CVE-2023-46747 allows an attacker to bypass authentication and execute code without authentication.
How can I fix CVE-2023-46747?
To fix CVE-2023-46747, update the BIG-IP Configuration utility to the latest version provided by F5.

agent/type
agent/remedy
agent/title
collector/the-register
source/The Register
alias/CVE-2023-46747
alias/CVE-2024-1709
alias/CVE-2023-22518
alias/CVE-2022-0185
alias/CVE-2022-3052
agent/news-ai
agent/weakness
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-26026
alias/CVE-2024-21793
alias/CVE-2023-46748
alias/CVE-2022-1388
agent/severity
agent/first-publish-date
agent/references
agent/author
agent/event
agent/trending
agent/source
agent/last-modified-date
agent/description
collector/mitre-cve
source/MITRE
collector/f5-advisory
source/F5
agent/software-canonical-lookup
agent/software-canonical-lookup-request
exploited/true
ransomware/true
collector/cisa-known-exploited
source/CISA
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
collector/nvd-cve
vendor/f5
canonical/f5 big-ip and big-iq centralized management
version/f5 big-ip and big-iq centralized management/17.1.0
version/f5 big-ip and big-iq centralized management/17.1.1
version/f5 big-ip and big-iq centralized management/16.1.0
version/f5 big-ip and big-iq centralized management/16.1.4
version/f5 big-ip and big-iq centralized management/15.1.0
version/f5 big-ip and big-iq centralized management/15.1.10
version/f5 big-ip and big-iq centralized management/14.1.0
version/f5 big-ip and big-iq centralized management/14.1.5
version/f5 big-ip and big-iq centralized management/13.1.0
version/f5 big-ip and big-iq centralized management/13.1.5
canonical/f5 big-ip configuration utility
canonical/f5 access policy manager
version/f5 access policy manager/13.1.0
version/f5 access policy manager/13.1.5
version/f5 access policy manager/14.1.0
version/f5 access policy manager/14.1.5
version/f5 access policy manager/15.1.0
version/f5 access policy manager/15.1.10
version/f5 access policy manager/16.1.0
version/f5 access policy manager/16.1.4
version/f5 access policy manager/17.1.0
version/f5 access policy manager/17.1.1
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/13.1.0
version/f5 big-ip advanced firewall manager/13.1.5
version/f5 big-ip advanced firewall manager/14.1.0
version/f5 big-ip advanced firewall manager/14.1.5
version/f5 big-ip advanced firewall manager/15.1.0
version/f5 big-ip advanced firewall manager/15.1.10
version/f5 big-ip advanced firewall manager/16.1.0
version/f5 big-ip advanced firewall manager/16.1.4
version/f5 big-ip advanced firewall manager/17.1.0
version/f5 big-ip advanced firewall manager/17.1.1
canonical/f5 big-ip advanced waf/asm
version/f5 big-ip advanced waf/asm/13.1.0
version/f5 big-ip advanced waf/asm/13.1.5
version/f5 big-ip advanced waf/asm/14.1.0
version/f5 big-ip advanced waf/asm/14.1.5
version/f5 big-ip advanced waf/asm/15.1.0
version/f5 big-ip advanced waf/asm/15.1.10
version/f5 big-ip advanced waf/asm/16.1.0
version/f5 big-ip advanced waf/asm/16.1.4
version/f5 big-ip advanced waf/asm/17.1.0
version/f5 big-ip advanced waf/asm/17.1.1
canonical/f5 big-ip carrier-grade nat
version/f5 big-ip carrier-grade nat/13.1.0
version/f5 big-ip carrier-grade nat/13.1.5
version/f5 big-ip carrier-grade nat/14.1.0
version/f5 big-ip carrier-grade nat/14.1.5
version/f5 big-ip carrier-grade nat/15.1.0
version/f5 big-ip carrier-grade nat/15.1.10
version/f5 big-ip carrier-grade nat/16.1.0
version/f5 big-ip carrier-grade nat/16.1.4
version/f5 big-ip carrier-grade nat/17.1.0
version/f5 big-ip carrier-grade nat/17.1.1
canonical/f5 big-ip ddos hybrid defender
version/f5 big-ip ddos hybrid defender/13.1.0
version/f5 big-ip ddos hybrid defender/13.1.5
version/f5 big-ip ddos hybrid defender/14.1.0
version/f5 big-ip ddos hybrid defender/14.1.5
version/f5 big-ip ddos hybrid defender/15.1.0
version/f5 big-ip ddos hybrid defender/15.1.10
version/f5 big-ip ddos hybrid defender/16.1.0
version/f5 big-ip ddos hybrid defender/16.1.4
version/f5 big-ip ddos hybrid defender/17.1.0
version/f5 big-ip ddos hybrid defender/17.1.1
canonical/f5 big-ip ssl orchestrator
version/f5 big-ip ssl orchestrator/13.1.0
version/f5 big-ip ssl orchestrator/13.1.5
version/f5 big-ip ssl orchestrator/14.1.0
version/f5 big-ip ssl orchestrator/14.1.5
version/f5 big-ip ssl orchestrator/15.1.0
version/f5 big-ip ssl orchestrator/15.1.10
version/f5 big-ip ssl orchestrator/16.1.0
version/f5 big-ip ssl orchestrator/16.1.4
version/f5 big-ip ssl orchestrator/17.1.0
version/f5 big-ip ssl orchestrator/17.1.1
canonical/f5 big-ip
version/f5 big-ip/13.1.0
version/f5 big-ip/13.1.5
version/f5 big-ip/14.1.0
version/f5 big-ip/14.1.5
version/f5 big-ip/15.1.0
version/f5 big-ip/15.1.10
version/f5 big-ip/16.1.0
version/f5 big-ip/16.1.4
version/f5 big-ip/17.1.0
version/f5 big-ip/17.1.1
canonical/riverbed steelapp traffic manager
version/riverbed steelapp traffic manager/13.1.0
version/riverbed steelapp traffic manager/13.1.5
version/riverbed steelapp traffic manager/14.1.0
version/riverbed steelapp traffic manager/14.1.5
version/riverbed steelapp traffic manager/15.1.0
version/riverbed steelapp traffic manager/15.1.10
version/riverbed steelapp traffic manager/16.1.0
version/riverbed steelapp traffic manager/16.1.4
version/riverbed steelapp traffic manager/17.1.0
version/riverbed steelapp traffic manager/17.1.1
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/13.1.0
version/f5 big-ip policy enforcement manager/13.1.5
version/f5 big-ip policy enforcement manager/14.1.0
version/f5 big-ip policy enforcement manager/14.1.5
version/f5 big-ip policy enforcement manager/15.1.0
version/f5 big-ip policy enforcement manager/15.1.10
version/f5 big-ip policy enforcement manager/16.1.0
version/f5 big-ip policy enforcement manager/16.1.4
version/f5 big-ip policy enforcement manager/17.1.0
version/f5 big-ip policy enforcement manager/17.1.1
canonical/f5 big-ip automation toolchain
version/f5 big-ip automation toolchain/13.1.0
version/f5 big-ip automation toolchain/13.1.5
version/f5 big-ip automation toolchain/14.1.0
version/f5 big-ip automation toolchain/14.1.5
version/f5 big-ip automation toolchain/15.1.0
version/f5 big-ip automation toolchain/15.1.10
version/f5 big-ip automation toolchain/16.1.0
version/f5 big-ip automation toolchain/16.1.4
version/f5 big-ip automation toolchain/17.1.0
version/f5 big-ip automation toolchain/17.1.1
canonical/f5 big-ip container ingress services
version/f5 big-ip container ingress services/13.1.0
version/f5 big-ip container ingress services/13.1.5
version/f5 big-ip container ingress services/14.1.0
version/f5 big-ip container ingress services/14.1.5
version/f5 big-ip container ingress services/15.1.0
version/f5 big-ip container ingress services/15.1.10
version/f5 big-ip container ingress services/16.1.0
version/f5 big-ip container ingress services/16.1.4
version/f5 big-ip container ingress services/17.1.0
version/f5 big-ip container ingress services/17.1.1
canonical/f5 application security manager
version/f5 application security manager/13.1.0
version/f5 application security manager/13.1.5
version/f5 application security manager/14.1.0
version/f5 application security manager/14.1.5
version/f5 application security manager/15.1.0
version/f5 application security manager/15.1.10
version/f5 application security manager/16.1.0
version/f5 application security manager/16.1.4
version/f5 application security manager/17.1.0
version/f5 application security manager/17.1.1
canonical/f5 big-ip analytics
version/f5 big-ip analytics/13.1.0
version/f5 big-ip analytics/13.1.5
version/f5 big-ip analytics/14.1.0
version/f5 big-ip analytics/14.1.5
version/f5 big-ip analytics/15.1.0
version/f5 big-ip analytics/15.1.10
version/f5 big-ip analytics/16.1.0
version/f5 big-ip analytics/16.1.4
version/f5 big-ip analytics/17.1.0
version/f5 big-ip analytics/17.1.1
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/13.1.0
version/f5 big-ip application acceleration manager/13.1.5
version/f5 big-ip application acceleration manager/14.1.0
version/f5 big-ip application acceleration manager/14.1.5
version/f5 big-ip application acceleration manager/15.1.0
version/f5 big-ip application acceleration manager/15.1.10
version/f5 big-ip application acceleration manager/16.1.0
version/f5 big-ip application acceleration manager/16.1.4
version/f5 big-ip application acceleration manager/17.1.0
version/f5 big-ip application acceleration manager/17.1.1
canonical/f5 big-ip application visibility and reporting
version/f5 big-ip application visibility and reporting/13.1.0
version/f5 big-ip application visibility and reporting/13.1.5
version/f5 big-ip application visibility and reporting/14.1.0
version/f5 big-ip application visibility and reporting/14.1.5
version/f5 big-ip application visibility and reporting/15.1.0
version/f5 big-ip application visibility and reporting/15.1.10
version/f5 big-ip application visibility and reporting/16.1.0
version/f5 big-ip application visibility and reporting/16.1.4
version/f5 big-ip application visibility and reporting/17.1.0
version/f5 big-ip application visibility and reporting/17.1.1
canonical/f5 big-ip fraud protection service
version/f5 big-ip fraud protection service/13.1.0
version/f5 big-ip fraud protection service/13.1.5
version/f5 big-ip fraud protection service/14.1.0
version/f5 big-ip fraud protection service/14.1.5
version/f5 big-ip fraud protection service/15.1.0
version/f5 big-ip fraud protection service/15.1.10
version/f5 big-ip fraud protection service/16.1.0
version/f5 big-ip fraud protection service/16.1.4
version/f5 big-ip fraud protection service/17.1.0
version/f5 big-ip fraud protection service/17.1.1
canonical/f5 big-ip link controller
version/f5 big-ip link controller/13.1.0
version/f5 big-ip link controller/13.1.5
version/f5 big-ip link controller/14.1.0
version/f5 big-ip link controller/14.1.5
version/f5 big-ip link controller/15.1.0
version/f5 big-ip link controller/15.1.10
version/f5 big-ip link controller/16.1.0
version/f5 big-ip link controller/16.1.4
version/f5 big-ip link controller/17.1.0
version/f5 big-ip link controller/17.1.1
canonical/f5 big-ip webaccelerator
version/f5 big-ip webaccelerator/13.1.0
version/f5 big-ip webaccelerator/13.1.5
version/f5 big-ip webaccelerator/14.1.0
version/f5 big-ip webaccelerator/14.1.5
version/f5 big-ip webaccelerator/15.1.0
version/f5 big-ip webaccelerator/15.1.10
version/f5 big-ip webaccelerator/16.1.0
version/f5 big-ip webaccelerator/16.1.4
version/f5 big-ip webaccelerator/17.1.0
version/f5 big-ip webaccelerator/17.1.1
canonical/f5 websafe
version/f5 websafe/13.1.0
version/f5 websafe/13.1.5
version/f5 websafe/14.1.0
version/f5 websafe/14.1.5
version/f5 websafe/15.1.0
version/f5 websafe/15.1.10
version/f5 websafe/16.1.0
version/f5 websafe/16.1.4
version/f5 websafe/17.1.0
version/f5 websafe/17.1.1