virus logo Threat Signal Report

F5 BIG-IP Configuration Utility Authentication Bypass (CVE-2023-46747)

Description

What is the Attack? The vulnerability allows an unauthenticated attacker to exploit an authentication bypass vulnerability in F5 BIG-IP system. The exploit requires a network access through the management port to execute arbitrary system commands. F5 has warned their customers that threat actors are actively exploiting the vulnerability.
What is the Vendor Solution?
F5 has released relevant firmware updates for the affected products. For more information, visit here.
What FortiGuard Coverage is available? FortiGuard Labs has an IPS signature "F5.BIG-IP.TMUI.AJP.Smuggling.Authentication.Bypass" to detect and block any attack targeting the vulnerability.
FortiGuard Labs also advises users to install the latest available patches as soon as possible.

Telemetry

ID 72
Date Nov 09, 2023
CVE ID CVE-2023-46747
Threat/
Vulnerability		 Vulnerability
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services