BDU%3A2023-07232
Уязвимость утилиты настройки программных продуктов BIG-IP средства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, связанная с возможностью обхода процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю выполнить произвольные системные команды
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 Networks, Inc. | BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP DDos Hybrid Defender, BIG-IP SSL Orchestrator | |
| F5 | BIG-IP | 17.1.0, 16.1.0, 15.1.0 |
Timeline
- Oct 28, 2023 CVE Published
- Oct 31, 2023 PoC Published
- Oct 31, 2023 PoC Published
- Nov 2, 2023 PoC Published
- Nov 3, 2023 PoC Published
- Sep 13, 2024 CVE Updated
- Oct 15, 2024 PoC Published
- Dec 22, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Jan 31, 2025 PoC Published
- Feb 6, 2025 PoC Published
References
- https://my.f5.com/manage/s/article/K000137353 url
- https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/ url
- https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/ url
- http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747 url