Detections
Analytics
CVE-2023-46747
critical
Description
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
From the Tenable Blog
CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
Published: 2023-10-27
A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. Organizations are encouraged to apply patches as soon as possible.
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect
https://www.securityweek.com/attackers-exploiting-critical-f5-big-ip-vulnerability/
Details
Published: 2023-10-26
Updated: 2025-04-02
Named Vulnerability: F5 BIG-IPKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.94441