8.8 (CVSSv3)

CVE-2023-46748

Published: 26/10/2023 Updated: 01/02/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. It may allow an authenticated attacker with network access to the Configuration utility, through the BIG-IP management port and/or self IP addresses, to execute arbitrary system commands. Note: software versions that have reached End of Technical Support (EoTS) are not evaluated.
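The summary above makes the attack surface explicit: the Configuration utility has to be reachable, and on BIG-IP that means the management port or any self IP whose Port Lockdown setting opens TCP/443. The following script is an added example, not code from Vulmon or F5. It parses text in the layout of `tmsh list net self` output and reports every self IP that exposes the Configuration utility, treating `allow-service all`, `allow-service default` (whose documented default set includes tcp:443) and any explicit `tcp:443` entry as exposure. The sample configuration is constructed for the example, and the contents of the default service set are reproduced here as an assumption to be checked against the documentation for your version.

```python
import re
from typing import Dict, List, Set, Tuple, Union

# Constructed sample in the layout of `tmsh list net self`; not from any real device.
SAMPLE_TMSH = """\
net self external_self {
    address 203.0.113.10/24
    allow-service {
        tcp:443
        tcp:22
    }
    traffic-group traffic-group-local-only
    vlan external
}
net self internal_self {
    address 10.10.0.5/24
    allow-service default
    traffic-group traffic-group-local-only
    vlan internal
}
net self ha_self {
    address 10.20.0.5/24
    allow-service none
    traffic-group traffic-group-local-only
    vlan ha
}
net self ops_self {
    address 10.30.0.5/24
    allow-service all
    traffic-group traffic-group-local-only
    vlan ops
}
"""

# The Configuration utility is served over HTTPS on the self IP.
CONFIG_UTILITY_SERVICE = "tcp:443"

# Services opened by Port Lockdown "Allow Default". Assumption: reproduced from
# memory of F5's documented default set; verify against your version's docs.
DEFAULT_ALLOWED: Set[str] = {
    "tcp:22", "tcp:53", "udp:53", "tcp:161", "udp:161", "tcp:443",
    "tcp:4353", "udp:4353", "tcp:4354", "udp:1026",
}

BLOCK_RE = re.compile(r"net self (\S+) \{\n(.*?)\n\}", re.S)
ADDRESS_RE = re.compile(r"^\s*address (\S+)", re.M)
ALLOW_KEYWORD_RE = re.compile(r"^\s*allow-service (none|default|all)\s*$", re.M)
ALLOW_LIST_RE = re.compile(r"allow-service \{(.*?)\}", re.S)

Allow = Union[str, Set[str]]


def parse_self_ips(text: str) -> List[Dict[str, object]]:
    """Return one record per `net self` block: name, address and allow-service value.

    allow is the keyword 'none' / 'default' / 'all', or a set of explicit services.
    """
    records: List[Dict[str, object]] = []
    for block in BLOCK_RE.finditer(text):
        name, body = block.group(1), block.group(2)
        addr = ADDRESS_RE.search(body)
        keyword = ALLOW_KEYWORD_RE.search(body)
        if keyword:
            allow: Allow = keyword.group(1)
        else:
            listed = ALLOW_LIST_RE.search(body)
            # A self IP with no allow-service stanza is treated as locked down.
            allow = set(listed.group(1).split()) if listed else "none"
        records.append({"name": name, "address": addr.group(1) if addr else "", "allow": allow})
    return records


def effective_services(allow: Allow) -> Set[str]:
    """Expand the allow-service value to the set of services it opens ('*' = everything)."""
    if allow == "none":
        return set()
    if allow == "default":
        return set(DEFAULT_ALLOWED)
    if allow == "all":
        return {"*"}
    return set(allow)


def exposed_self_ips(text: str) -> List[Tuple[str, str, str]]:
    """List (name, address, reason) for every self IP that exposes the Configuration utility."""
    findings = []
    for rec in parse_self_ips(text):
        services = effective_services(rec["allow"])  # type: ignore[arg-type]
        if "*" in services:
            findings.append((rec["name"], rec["address"], "allow-service all"))
        elif CONFIG_UTILITY_SERVICE in services:
            how = "allow-service default" if rec["allow"] == "default" else f"explicit {CONFIG_UTILITY_SERVICE}"
            findings.append((rec["name"], rec["address"], how))
    return findings  # type: ignore[return-value]


if __name__ == "__main__":
    for name, address, reason in exposed_self_ips(SAMPLE_TMSH):
        print(f"{name:15} {address:18} exposes Configuration utility via {reason}")
```

Feed the script real `tmsh list net self` output and treat every reported self IP as a candidate for `allow-service none` (or an explicit list without tcp:443) until the fix is applied; the management port still needs its own access restriction, which this check does not cover.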

Vulnerable Products

f5 big-ip access policy manager

f5 big-ip advanced firewall manager

f5 big-ip carrier-grade nat

f5 big-ip ddos hybrid defender

f5 big-ip ssl orchestrator

f5 big-ip local traffic manager

f5 big-ip policy enforcement manager

f5 big-ip automation toolchain

f5 big-ip container ingress services

f5 big-ip advanced web application firewall

f5 big-ip domain name system

f5 big-ip application security manager

f5 big-ip analytics

f5 big-ip application acceleration manager

f5 big-ip application visibility and reporting

f5 big-ip fraud protection services

f5 big-ip global traffic manager

f5 big-ip link controller

f5 big-ip webaccelerator

f5 big-ip websafe

Recent Articles

Critical vulnerability in F5 BIG-IP under active exploitation
The Register

Full extent of attacks unknown but telecoms thought to be especially exposed

Vulnerabilities in F5's BIG-IP suite are already being exploited after proof of concept (PoC) code began circulating online. The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian. This critical Apache JServ Protocol (AJP) smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility las...