Cybersecurity Threat Advisory: F5 BIG-IP RCE vulnerability
This Cybersecurity Threat Advisory involves a critical vulnerability discovered in F5 BIG-IP products, identified as CVE-2023-46747. The vulnerability allows unauthenticated remote code execution and poses significant security risks. With a CVSS score of 9.8, immediate attention is required to mitigate potential consequences.
What is the threat?
The vulnerability in question, CVE-2023-46747, arises from the F5 BIG-IP Configuration Utility. It’s classified as a request smuggling vulnerability, enabling attackers to dispatch multiple HTTP requests within a single packet. Successful exploitation can lead to unauthenticated access to the Configuration Utility and the execution of arbitrary system commands.
Why is it noteworthy?
The significance of this threat lies in its potential impact. The vulnerability affects all F5 BIG-IP versions from 13.1.5 to 17.1.0, and it has already been associated with remote code execution. Notably, the researchers who discovered this vulnerability warn that it closely relates to CVE-2022-26377 and affects the Traffic Management User Interface (TMUI), which previously suffered from CVE-2022-1388 and CVE-2020-5902. High-profile organizations and government entities with externally facing instances of F5 software are at risk.
What is the exposure or risk?
- All versions of F5 BIG-IP from 13.1.5 to 17.1.0 are exposed to this vulnerability.
- The vulnerability allows unauthenticated remote code execution, providing attackers with full administrative privileges.
- Externally facing instances of F5 software, including those operated by Fortune 500 companies and government entities, are vulnerable to potential compromise.
- Further compromise, system damage, and data breaches can occur if this vulnerability is leveraged, especially on high-value targets.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of this exploit:
- Immediately apply F5 BIG-IP patches to address the vulnerability.
- Implement Access Control Lists (ACLs) to restrict access to the Traffic Management User Interface (TMUI) from the internet.
- Utilize the Barracuda XDR solution to proactively monitor network traffic for any signs of exploitation or unusual behavior.
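To turn the first two recommendations into a work queue, the following added example (not Barracuda's or F5's code) triages a device inventory by the affected version range stated above and by whether the TMUI source ACL admits non-private addresses. The inventory, hostnames and the `tmui_sources` field are constructed for illustration. A version match does not show whether a fix has already been applied, so confirm flagged devices against the F5 article listed in the references.

```python
import ipaddress

# Affected range exactly as stated in this advisory (inclusive).
AFFECTED_MIN, AFFECTED_MAX = (13, 1, 5), (17, 1, 0)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory: hostnames, versions and source ACLs are illustrative.
INVENTORY = [
    {"host": "bigip-dmz-01",  "version": "16.1.4",   "tmui_sources": ["0.0.0.0/0"]},
    {"host": "bigip-core-02", "version": "15.1.10",  "tmui_sources": ["10.20.0.0/24"]},
    {"host": "bigip-lab-03",  "version": "17.1.1",   "tmui_sources": ["10.0.0.0/8", "203.0.113.0/24"]},
    {"host": "bigip-old-04",  "version": "13.1.5.1", "tmui_sources": ["192.168.50.0/24"]},
    {"host": "bigip-new-05",  "version": "17.1.1",   "tmui_sources": ["172.16.9.0/24"]},
    {"host": "bigip-unk-06",  "version": "unknown",  "tmui_sources": ["10.1.0.0/16"]},
]

def parse_version(text):
    """Return (major, minor, maintenance) or None if the string is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def in_affected_range(version):
    # Point releases (X.Y.Z.n) are compared on X.Y.Z only, which errs toward "affected".
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX

def internet_reachable(sources):
    """True if any allowed source network lies outside RFC 1918 space (IPv4 only)."""
    nets = [ipaddress.ip_network(s) for s in sources]
    return any(not any(n.subnet_of(p) for p in RFC1918) for n in nets)

def triage(inventory):
    """Map host -> priority: P1 affected and exposed, P2 affected, P3 exposed only."""
    result = {}
    for dev in inventory:
        version = parse_version(dev["version"])
        exposed = internet_reachable(dev["tmui_sources"])
        if version is None:
            result[dev["host"]] = "REVIEW"  # cannot decide without a usable version
        elif in_affected_range(version):
            result[dev["host"]] = "P1" if exposed else "P2"
        else:
            result[dev["host"]] = "P3" if exposed else "OK"
    return result

if __name__ == "__main__":
    for host, priority in sorted(triage(INVENTORY).items()):
        print(f"{priority:7} {host}")
```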
References:
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html?m=1
- https://my.f5.com/manage/s/article/K000137353
- https://socradar.io/critical-vulnerability-in-f5-big-ip-configuration-utility-allows-request-smuggling-leads-to-rce-cve-2023-46747/
- https://securityboulevard.com/2023/10/technical-advisory-f5-big-ip-unauthenticated-rce-vulnerability-cve-2023-46747/
If you have any questions about this Cybersecurity Threat Advisory, please contact our Security Operations Center.