CVE-2023-46747

CriticalKnown ExploitedRansomware

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through…

f5·CWE-288·Published 2023-10-26

CVSS

9.8

EPSS

0.97

KEV

Yes

Exploits

cve.orgen

316 chars

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

NVDen

316 chars

NVDes

363 chars

Las solicitudes no divulgadas pueden omitir la autenticación de la utilidad de configuración, lo que permite a un atacante con acceso de red al sistema BIG-IP a través del puerto de administración y/o direcciones IP propias ejecutar comandos arbitrarios del sistema. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H