F5 recently disclosed a critical security flaw in BIG-IP (CVE-2023-46747), not actively exploited in the wild, which allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.
Summary
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. There is no data plane exposure; this is a control plane issue only.
Severity level
CVSS Score: 9.8 (Critical)
Affected Versions
17.x: 17.1.0
16.x: 16.1.0 – 16.1.4
15.x: 15.1.0 – 15.1.10
14.x: 14.1.0 – 14.1.5
13.x: 13.1.0 – 13.1.5
Impact
Unauthenticated access to BIG-IP systems.
Resolution
Update to the fixed versions. Until a fixed version can be installed, use the mitigation techniques described below.
Organizations using the affected versions of F5 BIG-IP should promptly apply the patches provided by F5. These patches address the vulnerability and secure the systems against potential exploitation.
Ensure that all systems are up to date and running the latest security patches.
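To check an inventory of BIG-IP version strings against the affected ranges listed above, here is an added triage script (not F5 tooling, and not part of the original advisory). The hostnames and versions in the sample inventory are constructed; point releases above a range's upper bound are reported for review against F5's fixed-version list rather than cleared automatically.

```python
"""Triage BIG-IP version strings against the affected ranges for
CVE-2023-46747. Added example, not F5 tooling; sample data is constructed."""
import re

# Inclusive (low, high) bounds per major train, copied from the advisory.
AFFECTED_RANGES = [
    ((17, 1, 0), (17, 1, 0)),
    ((16, 1, 0), (16, 1, 4)),
    ((15, 1, 0), (15, 1, 10)),
    ((14, 1, 0), (14, 1, 5)),
    ((13, 1, 0), (13, 1, 5)),
]

def parse_version(text):
    """Extract the dotted version from '16.1.3', '15.1.8.1' or
    'BIG-IP 14.1.4.6 Build 0.0.8' as a tuple of ints."""
    m = re.search(r"(\d+(?:\.\d+){2,3})\b", text)
    if not m:
        raise ValueError(f"no BIG-IP version found in {text!r}")
    return tuple(int(x) for x in m.group(1).split("."))

def triage(version_text):
    """Return 'affected', 'review' or 'not_affected'. The advisory lists
    ranges on three components; a point release above a range's upper
    bound (x.y.z.N with N > 0 where x.y.z is the bound) is 'review' so it
    is checked against F5's fixed-version list instead of silently passed."""
    v = parse_version(version_text)
    base, point = v[:3], v[3:]
    for low, high in AFFECTED_RANGES:
        if low <= base <= high:
            if base == high and point and point[0] > 0:
                return "review"
            return "affected"
    return "not_affected"

def affected_hosts(inventory):
    """inventory: {hostname: version string} -> sorted (hostname, status)
    for every host not cleared as unaffected."""
    return sorted((h, triage(ver)) for h, ver in inventory.items()
                  if triage(ver) != "not_affected")

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "bigip-edge-01": "BIG-IP 16.1.3.3 Build 0.0.4",
    "bigip-edge-02": "16.1.4.1",
    "bigip-lab-01": "17.1.0",
    "bigip-lab-02": "15.1.10",
    "bigip-old-01": "12.1.6",
}

if __name__ == "__main__":
    for host, status in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```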
As an interim measure, organizations should restrict access to the configuration utility of BIG-IP until patches can be applied. To reduce the attack surface, access should be limited to trusted networks or devices.
The Traffic Management User Interface (TMUI) of the F5 system should not be exposed to the open internet. This configuration step is crucial as it further reduces the potential for external malicious actors to exploit the vulnerability.
Organizations should monitor advisories from F5 and other relevant cybersecurity entities to stay updated on any new developments related to this vulnerability or any other potential threats.
If you are running an F5 BIG-IP appliance in your environment, please advise the Information Security team at infosec@yorku.ca.