{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46747", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2023-10-25T18:51:34.198Z", "datePublished": "2023-10-26T20:04:53.929Z", "dateUpdated": "2023-11-06T08:16:47.735Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["All Modules"], "product": "BIG-IP", "vendor": "F5", "versions": [{"changes": [{"at": "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG.iso", "status": "unaffected"}, {"at": "Hotfix-BIGIP-17.1.1.0.2.6-ENG.iso", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "17.1.0", "versionType": "semver"}, {"changes": [{"at": "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "16.1.0", "versionType": "semver"}, {"changes": [{"at": "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG.iso", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "15.1.0", "versionType": "semver"}, {"changes": [{"at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "14.1.0", "versionType": "semver"}, {"changes": [{"at": "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG.iso", "status": "unaffected"}], "lessThan": "*", "status": "affected", "version": "13.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."}], "datePublic": "2023-10-26T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<div>Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.<span style=\"background-color: var(--wht);\">&nbsp;&nbsp;</span><span style=\"background-color: var(--wht);\">Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated</span></div></span>"}], "value": "\n\n\nUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2023-11-06T08:16:47.735Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000137353"}, {"url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"}, {"url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"}], "source": {"discovery": "EXTERNAL"}, "title": "BIG-IP Configuration utility unauthenticated remote code execution vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}}}

{"cisaActionDue": "2023-11-21", "cisaExploitAdd": "2023-10-31", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "783E62F2-F867-48F1-B123-D1227C970674", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB629442-AB06-4552-A7A2-CAF967E47C39", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0510296F-92D7-4388-AE3A-0D9799C2FC4D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7698D6C-B1F7-43C1-BBA6-88E956356B3D", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EA69BC-2AAF-4652-BD2D-95BB754880AF", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3C7A168-F370-441E-8790-73014BCEC39F", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF16FD01-7704-40AB-ACB2-80A883804D22", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "732CE215-90B1-444A-BBA4-3FF63D6C63DF", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D51D9F-2840-4DEA-A007-D20111A1745C", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "C640FA3F-7AB7-4875-B01D-9DB41CEB432B", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "8070B469-8CC4-4D2F-97D7-12D0ABB963C1", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "A326597E-725D-45DE-BEF7-2ED92137B253", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "7479843E-F2D9-4815-95BC-F4223119753C", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "E76E1B82-F1DC-4366-B388-DBDF16C586A0", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "660137F4-15A1-42D1-BBAC-99A1D5BB398B", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "25E7DBE6-D708-4257-BA8B-90A4DB6DE1EA", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "98D2CE1E-DED0-470A-AA78-C78EF769C38E", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "375D359B-E05B-4AEC-9B39-46911847A410", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "441CC945-7CA3-49C0-AE10-94725301E31D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "820076A8-F163-4471-8B1E-5290BD1D6D93", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "17523F89-DF78-45B7-AEAB-A4886E99E08B", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "89ADA880-7A5B-49DA-AEA4-BC19D7C41916", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D33AA82-3AE5-4165-9B54-8C03381D98AD", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "56800E2E-119D-468B-B407-9CFACD8C00D7", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAA278BA-B020-4BED-91DA-1CD8966512D6", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*", "matchCriteriaId": "E874DD74-E654-44EE-A1A3-57D7CA772FB1", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D87EE02-C9AF-4824-BAB1-5F674C51D78E", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "5630F852-7110-4332-95DF-2D34365BA076", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "425A5D8F-C719-459F-8FF4-FC3EFB4B6BB3", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "3095B6F6-C2FF-44B2-97AA-EEF5F475A608", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "437CA326-41B9-4DBD-93B6-1FF93F5EAFCE", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1771493E-ACAA-477F-8AB4-25DB12F6AD6E", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "31C4D96A-6D71-44B5-8B94-AE9DFA93873B", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "20662BB0-4C3D-4CF0-B068-3555C65DD06C", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "D64EDCAD-F658-41A9-8838-41A2913EE8B7", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8F39403-C259-4D6F-9E9A-53671017EEDB", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "220F2D38-FA82-45EF-B957-7678C9FEDBC1", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "33B4FE55-81A7-41F8-ADB8-B0F84C8205C4", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C61E3E7-C594-40D9-936A-19CD26B170E6", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D9CD72-ED25-4447-9DD5-41ED51C891E5", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "00DEABFC-139A-4306-BCFA-6CE700D64327", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "958C34E5-668D-416A-99AF-2C6F042A2215", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "659376E8-FCCA-45E1-BDFB-C50117A66484", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B84C35AD-D355-4DB4-99F1-6EBA2D91F322", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF43CD3A-2C94-4663-B5D5-0327FD3E1F3D", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "29563719-1AF2-4BB8-8CCA-A0869F87795D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "D24815DD-579A-46D1-B9F2-3BB2C56BC54D", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "95C1F4F7-7533-44CE-BE4C-BF71EAFA62EA", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CD1637D-0E42-4928-867A-BA0FDB6E8462", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A599F90-F66B-4DF0-AD7D-D234F328BD59", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "609593AD-6E6D-4B8D-B01B-EF4768E8DF10", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "2044D97E-5637-45BA-A004-A717B5E793FD", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n"}, {"lang": "es", "value": "Las solicitudes no divulgadas pueden omitir la autenticaci\u00f3n de la utilidad de configuraci\u00f3n, lo que permite a un atacante con acceso de red al sistema BIG-IP a trav\u00e9s del puerto de administraci\u00f3n y/o direcciones IP propias ejecutar comandos arbitrarios del sistema. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan"}], "id": "CVE-2023-46747", "lastModified": "2024-02-01T02:15:55.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2023-10-26T21:15:08.097", "references": [{"source": "f5sirt@f5.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000137353"}, {"source": "f5sirt@f5.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "f5sirt@f5.com", "type": "Secondary"}]}

{}