{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-083.pdf"
    },
    "title": "Critical Vulnerability in F5 BIG-IP Configuration utility",
    "serial_number": "2023-083",
    "publish_date": "27-10-2023 21:04:34",
    "description": "On 26 October 2023, F5 released a security advisory for a critical vulnerability impacting BIG-IP that allows an unauthenticated attacker to perform remote code execution. The vulnerability is tracked as CVE-2023-46747 with a CVSS score of 9.8 out of 10.",
    "url_title": "2023-083",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in F5 BIG-IP Configuration utility'\nnumber: '2023-083'\nversion: '1.0'\noriginal_date: 'October 26, 2023'\ndate: 'October 27, 2023'\n---\n\n_History:_\n\n* _27/10/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 26 October 2023, F5 released a security advisory for a critical vulnerability impacting BIG-IP that allows an unauthenticated attacker to perform remote code execution. The vulnerability is tracked as **CVE-2023-46747** with a CVSS score of 9.8 out of 10. [1]\n\n# Technical Details\n\nThe **CVE-2023-46747** vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. The vulnerability resides in the Configuration utility component of the affected versions.\n\n# Affected products\n\nAll models of BIG-IP are affected.\n\n|Versions known to be vulnerable|Fixes introduced in|\n|-|-|\n|17.1.0|17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG|\n|16.1.0 - 16.1.4|16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG|\n|15.1.0 - 15.1.10|15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG|\n|14.1.0 - 14.1.5|14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG|\n|13.1.0 - 13.1.5|13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG|\n\n_Software versions that have reached the End of Technical Support (EoTS) are not listed._\n\n# Mitigations\n\nF5 has provided a shell script specifically tailored for mitigating the identified issue on affected product versions 14.1.0 and later. The script is designed to make the necessary adjustments to configuration files. [1]\n\n_It is important not to run the script on software versions below 14.1.0._\n\n# Workarounds\n\nSince the vulnerable component is the Configuration utility of the product, F5 has provided two temporary workarounds [1]:\n\n- block Configuration utility access through self IP addresses;\n- block Configuration utility access through the management interface.\n\n# Recommendations\n\nCERT-EU strongly recommends taking one of the following actions as a priority:\n\n1. Update to the latest version of the affected software.\n2. Apply the provided mitigation and workarounds when updating is not possible immediately.\n\n# References\n\n[1] <https://my.f5.com/manage/s/article/K000137353>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>27/10/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 26 October 2023, F5 released a security advisory for a critical vulnerability impacting BIG-IP that allows an unauthenticated attacker to perform remote code execution. The vulnerability is tracked as <strong>CVE-2023-46747</strong> with a CVSS score of 9.8 out of 10. [1]</p><h2 id=\"technical-details\">Technical Details</h2><p>The <strong>CVE-2023-46747</strong> vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. The vulnerability resides in the Configuration utility component of the affected versions.</p><h2 id=\"affected-products\">Affected products</h2><p>All models of BIG-IP are affected.</p><table><thead><tr><th>Versions known to be vulnerable</th><th>Fixes introduced in</th></tr></thead><tbody><tr><td>17.1.0</td><td>17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG</td></tr><tr><td>16.1.0 - 16.1.4</td><td>16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG</td></tr><tr><td>15.1.0 - 15.1.10</td><td>15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG</td></tr><tr><td>14.1.0 - 14.1.5</td><td>14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG</td></tr><tr><td>13.1.0 - 13.1.5</td><td>13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG</td></tr></tbody></table><p><em>Software versions that have reached the End of Technical Support (EoTS) are not listed.</em></p><h2 id=\"mitigations\">Mitigations</h2><p>F5 has provided a shell script specifically tailored for mitigating the identified issue on affected product versions 14.1.0 and later. The script is designed to make the necessary adjustments to configuration files. [1]</p><p><em>It is important not to run the script on software versions below 14.1.0.</em></p><h2 id=\"workarounds\">Workarounds</h2><p>Since the vulnerable component is the Configuration utility of the product, F5 has provided two temporary workarounds [1]:</p><ul><li>block Configuration utility access through self IP addresses;</li><li>block Configuration utility access through the management interface.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends taking one of the following actions as a priority:</p><ol><li>Update to the latest version of the affected software.</li><li>Apply the provided mitigation and workarounds when updating is not possible immediately.</li></ol><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://my.f5.com/manage/s/article/K000137353\">https://my.f5.com/manage/s/article/K000137353</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}