1. Summary

Vulnerability Name

F5 BIG-IP Remote Code Execution Vulnerability

Release Date

October 27, 2023

Component Name

BIG-IP Configuration Utility

Affected Versions

F5 BIG-IP 17.1.0
16.1.0 ≤ F5 BIG-IP ≤ 16.1.4
15.1.0 ≤ F5 BIG-IP ≤ 15.1.10
14.1.0 ≤ F5 BIG-IP ≤ 14.1.5
13.1.0 ≤ F5 BIG-IP ≤ 13.1.5

Vulnerability Type

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Severity

CVSS v3 Base Score: 9.8

Exploitability

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Impact

Confidentiality Impact: None

Integrity Impact: Low

Availability Impact: None

2. About CVE-2023-46747

2.1 About the Component

F5 BIG-IP, developed by F5, Inc., is an advanced application delivery controller (ADC) and load balancer. As a network device, it is widely used by large enterprises and data centers to improve the performance, availability, security, and scalability of applications.

2.2 About the Vulnerability

On October 27, 2023, Sangfor FarSight Labs received notification of the F5 BIG-IP remote code execution vulnerability (CVE-2023-46747), classified as critical, with a CVSS Score of 9.8.

This vulnerability arises because undisclosed requests may bypass Configuration utility authentication. This may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.

3. Affected Versions

F5 BIG-IP 17.1.0
16.1.0 ≤ F5 BIG-IP ≤ 16.1.4
15.1.0 ≤ F5 BIG-IP ≤ 15.1.10
14.1.0 ≤ F5 BIG-IP ≤ 14.1.5
13.1.0 ≤ F5 BIG-IP ≤ 13.1.5

4. Solutions

4.1 F5 Solutions

4.1.1 Version Upgrade

F5 has released updated versions of BIG-IP that fix the vulnerability; users are advised to upgrade as soon as possible.

BIG-IP 17.x upgrade to 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG3
BIG-IP 16.x upgrade to 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG
BIG-IP 15.x upgrade to 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG
BIG-IP 14.x upgrade to 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG
BIG-IP 13.x upgrade to 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG

Link: https://my.f5.com/manage/s/article/K000137353#BIG-IP

4.1.2 Temporary Mitigation

For users unable to upgrade to a fixed version for the time being, F5 has provided the following script for BIG-IP versions 14.1.0 and later to mitigate this issue.

Script link: https://my.f5.com/manage/s/article/K000137353

Notes:

  1. This script must not be used on any BIG-IP version prior to 14.1.0 or it will prevent the Configuration utility from starting.
  2. Customers that have a FIPS 140-2 Compliant Mode license are advised not to use this mitigation, as it will cause the FIPS integrity check to fail.

Steps:

  1. Copy the script (or download it) and save it to the affected BIG-IP system.
  2. Log in to the command line of the affected BIG-IP system as the root user.
  3. If you have downloaded the script, rename the script to the .sh extension by using the following command syntax:
    mv <path to script>/mitigation.txt <path to script>/mitigation.sh
  4. Make the script executable using the chmod utility by using the following command syntax:
    chmod +x <path to script>/mitigation.sh && touch <path to script>/mitigation.sh
  5. Run the script by using the following command syntax:
    <path to script>/mitigation.sh

Until it is possible to install a fixed version, users can also implement the following temporary mitigations.

  1. Block Configuration utility access through self IP addresses (please refer to https://my.f5.com/manage/s/article/K000137353#selfip for details)
  2. Block Configuration utility access through the management interface (please refer to https://my.f5.com/manage/s/article/K000137353#mgmt for details)
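As an added example (not code from F5, Sangfor or this advisory), the following Python checker applies the affected ranges from section 3 and the fixed releases from section 4.1.1 to a BIG-IP version string, and also reports whether F5's temporary mitigation script may be run on that version (it must not be used before 14.1.0). It compares at the major.minor.maintenance granularity the advisory uses and assumes the ENG hotfix is not installed.

```python
import re
from typing import Optional, Tuple

# Added example (not F5's or Sangfor's code): apply this advisory's affected
# ranges and fixed releases to a BIG-IP version string.
Version = Tuple[int, ...]

# Inclusive affected ranges copied from section 3.
AFFECTED_RANGES = [
    ((17, 1, 0), (17, 1, 0)),
    ((16, 1, 0), (16, 1, 4)),
    ((15, 1, 0), (15, 1, 10)),
    ((14, 1, 0), (14, 1, 5)),
    ((13, 1, 0), (13, 1, 5)),
]

# Fixed release per branch, from section 4.1.1.
FIXED_RELEASE = {
    17: "17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG3",
    16: "16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG",
    15: "15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG",
    14: "14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG",
    13: "13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG",
}

# F5's mitigation script must not be run before 14.1.0 (section 4.1.2, note 1).
MITIGATION_SCRIPT_MIN = (14, 1, 0)


def parse_version(text: str) -> Version:
    """Parse 'BIG-IP 16.1.3.1' or '16.1.3.1' into an integer tuple."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _in_range(v: Version, lo: Version, hi: Version) -> bool:
    # Bounds are given at major.minor.maintenance granularity, so a point
    # release such as 16.1.4.1 is compared as 16.1.4.  The check cannot see
    # whether the ENG hotfix is installed (assumption: treat it as absent).
    head = v[: len(lo)] + (0,) * (len(lo) - len(v))
    return lo <= head <= hi


def assess(text: str) -> Tuple[bool, Optional[str], bool]:
    """Return (affected, fixed release or None, mitigation script usable)."""
    v = parse_version(text)
    affected = any(_in_range(v, lo, hi) for lo, hi in AFFECTED_RANGES)
    fix = FIXED_RELEASE.get(v[0]) if affected else None
    return affected, fix, v >= MITIGATION_SCRIPT_MIN
```

Feed it the output of `tmsh show sys version` (or the version string from the Configuration utility) and act on the three results: affected or not, which release to install, and whether the script workaround is permitted on that branch.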

5. Timeline

On October 27, 2023, Sangfor FarSight Labs received notification of the F5 BIG-IP remote code execution vulnerability (CVE-2023-46747).

On October 27, 2023, Sangfor FarSight Labs released a vulnerability alert.

6. References

https://my.f5.com/manage/s/article/K000137353

https://nvd.nist.gov/vuln/detail/CVE-2023-46747

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
