F5 fixes BIG-IP auth bypass allowing remote code execution attacks

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands,” reads F5’s security bulletin.

As F5 BIG-IP devices are used by governments, Fortune 500 firms, banks, service providers, and major consumer brands, it is strongly advised to apply any available fixes or mitigations to prevent the exploitation of these devices.

As shown in the past, the F5 BIG-IP TMUI has been exposed in the past, allowing attackers to exploit vulnerabilities to wipe devices and gain initial access to networks.

ASUS routers vulnerable to critical remote code execution flaws.

VMware fixes critical code execution flaw in vCenter Server.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.