F5 BIG-IP - Unauthenticated RCE via AJP Smuggling CVE-2023-46747
- CVSSv3 Score
- Vulnerability description
CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.
We recommend upgrading the affected software to the latest version, which mitigates this vulnerability.
- Not available