F5 BIG-IP Configuration Utility Authentication Bypass (CVE-2023-46747)

Read Time:34 Second

What is the Attack?
The vulnerability allows an unauthenticated attacker to exploit an authentication bypass vulnerability in F5 BIG-IP system. The exploit requires a network access through the management port to execute arbitrary system commands. F5 has warned their customers that threat actors are actively exploiting the vulnerability.

What is the Vendor Solution?

F5 has released relevant firmware updates for the affected products. For more information, visit here.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “F5.BIG-IP.TMUI.AJP.Smuggling.Authentication.Bypass” to detect and block any attack targeting the vulnerability.

FortiGuard Labs also advises users to install the latest available patches as soon as possible.

Microsoft: Happy 2025. Here’s 161 Security Updates

Upcoming Speaking Engagements

New AI Rule Aims to Prevent Misuse of US Technology

Browser-Based Cyber-Threats Surge as Email Malware Declines

Manchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data

The First Password on the Internet

UK Considers Ban on Ransomware Payments by Public Bodies

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges

UK Registry Nominet Breached Via Ivanti Zero-Day

F5 BIG-IP Configuration Utility Authentication Bypass (CVE-2023-46747)

git-lfs-3.6.1-1.fc41

git-lfs-3.6.1-1.fc40

USN-7206-1: rsync vulnerabilities

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

webkit2gtk4.0-2.46.5-1.fc41

webkit2gtk4.0-2.46.5-1.fc40