F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

A critical-severity vulnerability in F5 BIG-IP, tracked as CVE-2023-46747, allows unauthenticated attackers to execute code remotely.

Security and application delivery solutions provider F5 on Thursday warned customers of a critical-severity vulnerability in its BIG-IP product.

Tracked as CVE-2023-46747 (CVSS score of 9.8) and impacting the Traffic Management User Interface of the solution, the vulnerability allows an unauthenticated attacker to execute arbitrary code remotely.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. There is no data plane exposure; this is a control plane issue only,” F5 explains in an advisory.

According to Praetorian Security, which identified the bug, CVE-2023-46747 is a request smuggling issue that allows an unauthenticated attacker to gain full administrative privileges on an impacted BIG-IP system.

The flaw, Praetorian says, is closely related to CVE-2022-26377, a request smuggling flaw in the Apache HTTP Server, and can be exploited to bypass authentication and execute commands as root.

All BIG-IP systems with the Traffic Management User Interface exposed to the internet are affected by this vulnerability.

According to F5, the issue is rooted in the configuration utility component. BIG-IP versions 13.x through 17.x are impacted and F5 has released hotfixes for all of them.

A shell script has been released for BIG-IP versions 14.1.0 and later to mitigate the issue. Details on how the script can be used are available in F5’s advisory.

According to Praetorian, there are more than 6,000 internet-facing instances of the application, all potentially at risk of exploitation. Some of these belong to government entities and Fortune 500 companies.

Technical details on this vulnerability will be released after most BIG-IP users have patched their instances.

BIG-IP users are advised to install the available patches as soon as possible. They should also restrict access to the Traffic Management User Interface.

“The portal itself should not be accessible at all from the public internet,” Praetorian notes.

F5 makes no mention of CVE-2023-46747 being exploited in malicious attacks.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
