VDB
BDU%3A2023-07400
BDU%3A2023-07400
PUBLISHED
CVSS 8.5 HIGH
Уязвимость утилиты настройки средств контроля доступа и удаленной аутентификации BIG-IP, позволяющая нарушителю выполнить произвольные команды
Risk Scores
CVSS 2.0
8.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 Networks, Inc. | BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Advanced Web Application Firewall, BIG-IP DDos Hybrid Defender, BIG-IP WebSafe, BIG-IP Webaccelerator, BIG-IP SSL Orchestrator, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT) | |
| F5 | BIG-IP | 17.1.0, 15.1.0, 13.1.0 |
Timeline
- Oct 31, 2023 PoC Published
- Nov 1, 2023 CVE Published
- Nov 3, 2023 PoC Published
- Dec 24, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Feb 23, 2025 PoC Published
- Feb 2, 2026 PoC Published
References
- https://my.f5.com/manage/s/article/K000137365 url
- https://vuldb.com/ru/?id.243656 url
- https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/ url
- https://my.f5.com/manage/s/article/K46122561 advisory
- https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/ url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46748 url