Описание
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-46747
- https://my.f5.com/manage/s/article/K000137353
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747
- https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain
- http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html
Связанные уязвимости
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Уязвимость утилиты настройки программных продуктов BIG-IP средства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, связанная с возможностью обхода процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю выполнить произвольные системные команды