8.8
CVSSv3

CVE-2023-46748

Published: 26/10/2023 Updated: 21/11/2024

Vulnerability Summary

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerable Product

f5 big-ip access policy manager

f5 big-ip advanced firewall manager

f5 big-ip carrier-grade nat

f5 big-ip ddos hybrid defender

f5 big-ip ssl orchestrator

f5 big-ip local traffic manager

f5 big-ip policy enforcement manager

f5 big-ip automation toolchain

f5 big-ip container ingress services

f5 big-ip advanced web application firewall

f5 big-ip domain name system

f5 big-ip application security manager

f5 big-ip analytics

f5 big-ip application acceleration manager

f5 big-ip application visibility and reporting

f5 big-ip fraud protection services

f5 big-ip global traffic manager

f5 big-ip link controller

f5 big-ip webaccelerator

f5 big-ip websafe

Recent Articles

New BIG-IP Next Central Manager bugs allow device takeover
BleepingComputer • Sergiu Gatlan • 08 May 2024

F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create hidden rogue accounts on any managed assets. Next Central Manager allows administrators to control on-premises or cloud BIG-IP Next instances and services via a unified management user interface. The flaws are an SQL injection vulnerability (CVE-2024-26026) and an ODat...

Critical vulnerability in F5 BIG-IP under active exploitation
The Register

Full extent of attacks unknown but telecoms thought to be especially exposed

Vulnerabilities in F5's BIG-IP suite are already being exploited after proof of concept (PoC) code began circulating online. The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian. This critical Apache JServ Protocol (AJP) smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility las...