F5 has issued a critical security advisory for a vulnerability in its BIG-IP products that enables unauthenticated remote code execution. The flaw, tracked as CVE-2023-46747, carries a CVSS score of 9.8 out of 10. An attacker with network access to a BIG-IP system through the management port and/or self IP addresses can exploit it to execute arbitrary system commands.
F5 classifies it as a control plane issue with no data plane exposure: the affected component is the management-side Configuration utility, not the application traffic the device proxies. F5 has listed the affected versions and published mitigations, including a shell script and configuration workarounds that block access to the Configuration utility until systems can be updated.
The vulnerability was discovered by Michael Weber and Thomas Hendrickson of Praetorian, who reported it to F5 on October 4, 2023. Praetorian describes CVE-2023-46747 as an authentication bypass that can lead to complete compromise of the F5 system, allowing an attacker to execute arbitrary commands as root on the target.
Praetorian also recommends keeping the Traffic Management User Interface (TMUI) off the internet, with management access limited to trusted networks, and applying the fix promptly. This is the third unauthenticated remote code execution flaw in BIG-IP's management plane in recent years, after CVE-2020-5902 (also in TMUI) and CVE-2022-1388 (in the iControl REST interface), which underscores how quickly these interfaces need to be restricted and patched.
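As an added, practitioner-side check (example code written for this page, not F5's mitigation script and nothing from Praetorian): a small Python tool that takes an inventory of BIG-IP management or self IP addresses and reports which ones still serve the TMUI login page from wherever it is run. The `/tmui/login.jsp` path is the real Configuration utility login page; the body fingerprints and the hostnames are assumptions, and the fetch step is injectable so the logic can be exercised offline against canned responses.

```python
"""Exposure check for the BIG-IP Configuration utility (TMUI).

Added example, not F5 or Praetorian code. Probes the TMUI login path on each
host in an inventory and reports which devices answer with a login page.
The fetcher is injectable so the logic can be tested offline.
"""
import ssl
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Login page of the Configuration utility (TMUI). The path is real; the
# body fingerprints are an assumption, adjust them for your fleet.
TMUI_LOGIN_PATH = "/tmui/login.jsp"
TMUI_FINGERPRINTS = ("big-ip", "configuration utility")

FetchResult = Tuple[Optional[int], str]   # (HTTP status, or None if unreachable; body)
Fetcher = Callable[[str, str], FetchResult]


@dataclass
class Finding:
    host: str
    status: Optional[int]   # None means no HTTP answer at all
    exposed: bool           # True if the TMUI login page was served


def looks_like_tmui(status: Optional[int], body: str) -> bool:
    """Heuristic: a 200 whose body carries one of the assumed fingerprints."""
    if status != 200:
        return False
    lowered = body.lower()
    return any(fp in lowered for fp in TMUI_FINGERPRINTS)


def urllib_fetch(host: str, path: str, timeout: float = 5.0) -> FetchResult:
    """Real fetcher: HTTPS GET without certificate verification, because
    management interfaces commonly carry self-signed certificates."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = f"https://{host}{path}"
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""          # answered, but not with the login page
    except (urllib.error.URLError, OSError):
        return None, ""            # filtered, closed, or no route


def check_hosts(hosts: List[str], fetch: Fetcher = urllib_fetch) -> List[Finding]:
    """Probe every host once and classify the answer."""
    findings = []
    for host in hosts:
        status, body = fetch(host, TMUI_LOGIN_PATH)
        findings.append(Finding(host, status, looks_like_tmui(status, body)))
    return findings


def exposed_hosts(findings: List[Finding]) -> List[str]:
    """Hosts that served the TMUI login page to this vantage point."""
    return [f.host for f in findings if f.exposed]


if __name__ == "__main__":
    # Hosts come from the command line; 192.0.2.10 is an RFC 5737 placeholder.
    targets = sys.argv[1:] or ["192.0.2.10"]
    results = check_hosts(targets)
    for f in results:
        state = "EXPOSED" if f.exposed else ("no TMUI" if f.status else "unreachable")
        print(f"{f.host:<20} {str(f.status):<5} {state}")
    sys.exit(1 if exposed_hosts(results) else 0)
```

Run it from an internet-facing host against the management and self IP addresses in your inventory; any "EXPOSED" line means the port lockdown or management-network restriction has not taken effect for that device. The tool tests reachability only: it does not identify the BIG-IP version or confirm whether the device is vulnerable, so a clean run is not a substitute for applying F5's fix.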