Follow

BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

 

Date: Oct 30, 2023
Time: 12:30 pm NZST

F5 has publicly released a security advisory relating to a critical vulnerability in the BIG-IP appliance that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self-IP addresses to execute arbitrary system commands.

Management access to all RedShield service components is provided to only trusted users; these connections require multi-factor authentication and occur over a secure network; management interfaces are therefore, not publicly available.

Furthermore, we have prioritised platform upgrades for the affected systems, these have started today and will complete by 3rd November.

We continuously monitor a range of sources for notifications of this type and will continue to take proactive steps to address such findings in any situation where our infrastructure could potentially be impacted.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments