CVE-2023-46747 vulnerability in F5 Networks Products
Published on October 26, 2023
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Known Exploited Vulnerability
This F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.
The following remediation steps are recommended / required by November 21, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2023-46747 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2023-46747
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-46747 are published in these products:
What versions are vulnerable to CVE-2023-46747?
- F5 Networks Big Ip Access Policy Manager Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Access Policy Manager Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Access Policy Manager Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Access Policy Manager Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Access Policy Manager Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Advanced Firewall Manager Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Advanced Firewall Manager Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Advanced Firewall Manager Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Advanced Firewall Manager Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Advanced Firewall Manager Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Advanced Web Application Firewall Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Advanced Web Application Firewall Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Advanced Web Application Firewall Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Advanced Web Application Firewall Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Advanced Web Application Firewall Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Carrier Grade Nat Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Carrier Grade Nat Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Carrier Grade Nat Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Carrier Grade Nat Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Carrier Grade Nat Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Ddos Hybrid Defender Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Ddos Hybrid Defender Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Ddos Hybrid Defender Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Ddos Hybrid Defender Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Ddos Hybrid Defender Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Ssl Orchestrator Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Ssl Orchestrator Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Ssl Orchestrator Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Ssl Orchestrator Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Ssl Orchestrator Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Domain Name System Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Domain Name System Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Domain Name System Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Domain Name System Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Domain Name System Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Local Traffic Manager Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Local Traffic Manager Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Local Traffic Manager Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Local Traffic Manager Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Local Traffic Manager Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Policy Enforcement Manager Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Policy Enforcement Manager Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Policy Enforcement Manager Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Policy Enforcement Manager Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Policy Enforcement Manager Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Automation Toolchain Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Automation Toolchain Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Automation Toolchain Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Automation Toolchain Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Automation Toolchain Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Container Ingress Services Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Container Ingress Services Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Container Ingress Services Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Container Ingress Services Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Container Ingress Services Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Application Security Manager Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Application Security Manager Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Application Security Manager Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Application Security Manager Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Application Security Manager Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Analytics Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Analytics Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Analytics Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Analytics Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Analytics Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Application Acceleration Manager Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Application Acceleration Manager Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Application Acceleration Manager Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Application Acceleration Manager Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Application Acceleration Manager Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Application Visibility Reporting Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Application Visibility Reporting Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Application Visibility Reporting Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Application Visibility Reporting Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Application Visibility Reporting Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Fraud Protection Services Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Fraud Protection Services Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Fraud Protection Services Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Fraud Protection Services Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Fraud Protection Services Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Global Traffic Manager Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Global Traffic Manager Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Global Traffic Manager Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Global Traffic Manager Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Global Traffic Manager Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Link Controller Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Link Controller Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Link Controller Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Link Controller Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Link Controller Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Webaccelerator Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Webaccelerator Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Webaccelerator Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Webaccelerator Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Webaccelerator Version 17.1.0 through 17.1.1
- F5 Networks Big Ip Websafe Version 13.1.0 through 13.1.5
- F5 Networks Big Ip Websafe Version 14.1.0 through 14.1.5
- F5 Networks Big Ip Websafe Version 15.1.0 through 15.1.10
- F5 Networks Big Ip Websafe Version 16.1.0 through 16.1.4
- F5 Networks Big Ip Websafe Version 17.1.0 through 17.1.1