![f5 big-ip-access-policy-manager]()
CVE-2023-46748 vulnerability in F5 Networks Products
Published on October 26, 2023
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Known Exploited Vulnerability
This F5 BIG-IP Configuration Utility SQL Injection Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.
The following remediation steps are recommended / required by November 21, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2023-46748 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2023-46748 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2023-46748
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-46748 are published in these products:
What versions are vulnerable to CVE-2023-46748?
-
F5 Networks Big Ip Access Policy Manager Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Access Policy Manager Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Access Policy Manager Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Access Policy Manager Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Access Policy Manager Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Advanced Firewall Manager Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Advanced Firewall Manager Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Advanced Firewall Manager Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Advanced Firewall Manager Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Advanced Firewall Manager Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Carrier Grade Nat Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Carrier Grade Nat Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Carrier Grade Nat Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Carrier Grade Nat Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Carrier Grade Nat Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Ddos Hybrid Defender Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Ddos Hybrid Defender Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Ddos Hybrid Defender Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Ddos Hybrid Defender Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Ddos Hybrid Defender Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Ssl Orchestrator Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Ssl Orchestrator Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Ssl Orchestrator Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Ssl Orchestrator Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Ssl Orchestrator Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Local Traffic Manager Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Local Traffic Manager Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Local Traffic Manager Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Local Traffic Manager Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Local Traffic Manager Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Policy Enforcement Manager Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Policy Enforcement Manager Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Policy Enforcement Manager Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Policy Enforcement Manager Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Policy Enforcement Manager Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Automation Toolchain Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Automation Toolchain Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Automation Toolchain Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Automation Toolchain Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Automation Toolchain Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Container Ingress Services Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Container Ingress Services Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Container Ingress Services Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Container Ingress Services Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Container Ingress Services Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Advanced Web Application Firewall Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Advanced Web Application Firewall Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Advanced Web Application Firewall Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Advanced Web Application Firewall Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Advanced Web Application Firewall Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Domain Name System Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Domain Name System Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Domain Name System Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Domain Name System Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Domain Name System Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Application Security Manager Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Application Security Manager Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Application Security Manager Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Application Security Manager Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Application Security Manager Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Analytics Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Analytics Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Analytics Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Analytics Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Analytics Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Application Acceleration Manager Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Application Acceleration Manager Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Application Acceleration Manager Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Application Acceleration Manager Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Application Acceleration Manager Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Application Visibility Reporting Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Application Visibility Reporting Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Application Visibility Reporting Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Application Visibility Reporting Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Application Visibility Reporting Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Fraud Protection Services Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Fraud Protection Services Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Fraud Protection Services Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Fraud Protection Services Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Fraud Protection Services Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Global Traffic Manager Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Global Traffic Manager Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Global Traffic Manager Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Global Traffic Manager Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Global Traffic Manager Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Link Controller Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Link Controller Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Link Controller Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Link Controller Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Link Controller Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Webaccelerator Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Webaccelerator Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Webaccelerator Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Webaccelerator Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Webaccelerator Version 17.1.0 through 17.1.1
-
F5 Networks Big Ip Websafe Version 13.1.0 through 13.1.5
-
F5 Networks Big Ip Websafe Version 14.1.0 through 14.1.5
-
F5 Networks Big Ip Websafe Version 15.1.0 through 15.1.10
-
F5 Networks Big Ip Websafe Version 16.1.0 through 16.1.4
-
F5 Networks Big Ip Websafe Version 17.1.0 through 17.1.1