BIG-IP Vulnerability Allows Attackers to Execute Remote Code
A severe security flaw that could allow unauthenticated remote code execution has been identified and is tracked as CVE-2023-46747, with a CVSS rating of 9.8.
F5 reports that the issue originated within the Configuration utility. The vulnerability was discovered and reported on October 4, 2023, by Michael Weber and Thomas Hendrickson of Praetorian.
BIG-IP Configuration Utility Unauthenticated Remote Code Execution Vulnerability
“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self-IP addresses to execute arbitrary system commands. There is no data plane exposure; this is a control plane issue only”, F5 reports.
Praetorian stated in a technical advisory that CVE-2023-46747 is closely related to CVE-2022-26377. The issue is an authentication bypass and could end in a complete compromise of the F5 system through the execution of arbitrary commands as root on the target system.
The firm advises customers to restrict internet access to the Traffic Management User Interface (TMUI).
Affected BIG-IP Versions and Fixes Released
Affected Versions | Fixes Released |
17.1.0 | 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG |
16.1.0 – 16.1.4 | 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG |
15.1.0 – 15.1.10 | 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG |
14.1.0 – 14.1.5 | 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG |
13.1.0 – 13.1.5 | 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG |
Mitigation
F5 has made a shell script available to users of BIG-IP versions 14.1.0 and later.
“This script must not be used on any BIG-IP version prior to 14.1.0 or it may prevent the Configuration utility from starting”, F5 stated.
As temporary mitigations, you can apply the following until a patched version can be installed. By restricting access to the Configuration utility to only trusted networks and devices, these mitigations reduce the attack surface.
- Block Configuration utility access through self-IP addresses
- Block Configuration utility access through the management interface
These are stopgaps, so F5 recommends that you upgrade to a version with the fix.
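
A fleet-triage sketch built on the version table and mitigation notes above, added here as an example (it is not code from F5 or from the original article). It classifies a BIG-IP version string against the listed affected ranges and reports whether it meets the 14.1.0 minimum for the mitigation script; the host names and versions in the inventory are constructed, and `triage`, `report` and the status labels are hypothetical names.

```python
import re

# Affected ranges and fixes copied from the table above:
# (first affected, last affected, fixed release, engineering hotfix)
BRANCHES = [
    ("17.1.0", "17.1.0", "17.1.0.3", "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG"),
    ("16.1.0", "16.1.4", "16.1.4.1", "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG"),
    ("15.1.0", "15.1.10", "15.1.10.2", "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG"),
    ("14.1.0", "14.1.5", "14.1.5.6", "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG"),
    ("13.1.0", "13.1.5", "13.1.5.1", "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG"),
]
SCRIPT_MIN = (14, 1, 0)  # the mitigation script must not be run below this version

def parse(version):
    """Extract the dotted version number as a tuple of ints (numeric compare)."""
    m = re.search(r"\d+(?:\.\d+)+", version)
    if not m:
        raise ValueError(f"no version number in {version!r}")
    return tuple(int(p) for p in m.group().split("."))

def triage(version):
    v = parse(version)
    base = (v + (0, 0))[:3]  # the table's ranges are given to three components
    result = {"version": ".".join(map(str, v)), "status": "not-listed",
              "target": None, "script_ok": base >= SCRIPT_MIN}
    for lo, hi, fixed, hotfix in BRANCHES:
        if parse(lo) <= base <= parse(hi):
            result["target"] = f"{fixed} + {hotfix}"
            # The version string alone cannot show whether the hotfix is installed.
            result["status"] = "upgrade" if v < parse(fixed) else "verify-hotfix"
            break
    return result

# Constructed inventory for illustration only.
INVENTORY = {"lb-edge-01": "16.1.3.2", "lb-edge-02": "17.1.0.3",
             "lb-lab-01": "13.1.5", "lb-dr-01": "15.1.10.2"}

def report(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, r in report(INVENTORY).items():
        print(f"{host:12} {r['version']:10} {r['status']:14} "
              f"script_ok={r['script_ok']!s:5} target={r['target']}")
```

A `verify-hotfix` result means the device is on the fixed release named in the table, so the engineering hotfix still has to be confirmed on the device itself; `not-listed` means the table above says nothing about that version.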
Source credit : cybersecuritynews.com