
F5 BIG-IP - Remote Code Execution CVE-2023-46747

Severity
CVSSv3 Score: 9.8
Vulnerability description

F5 BIG-IP is vulnerable to CVE-2023-46747, a Remote Code Execution vulnerability. The root cause is a misconfiguration that lets a remote, unauthenticated attacker smuggle an AJP request inside an HTTP POST request, add a new user to the server, and use that account to execute remote commands.

Risk description

An unauthenticated remote attacker could gain full access, resulting in a fully compromised server through which they could steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation: Not available
Codename: Not available
Detectable with: Network Scanner
Scan engine: Sniper
Exploitable with Sniper: Yes
CVE Published: Oct 26, 2023
Detection added at:
Software Type: VPN gateway
Vendor: F5
Product: BIG-IP