.. / CVE-2023-46747

Exploit for F5 BIG-IP - Unauthenticated Remote Code Execution (CVE-2023-46747)

Description:

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2023-46747.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-46747.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-46747
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
https://my.f5.com/manage/s/article/K000137353
http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html
https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/