CVE-2023-46747 is a critical software vulnerability identified in F5 Networks' BIG-IP multi-purpose networking devices/modules. This flaw, an authentication bypass vulnerability, could allow unauthenticated remote code execution (RCE), giving potential attackers the ability to execute arbitrary commands on the affected system. Notably, this is one of three such vulnerabilities discovered in the Traffic Management User Interface (TMUI) portal within the past three years, pointing to a concerning trend.
F5 Networks confirmed that CVE-2023-46747 and another BIG-IP vulnerability (CVE-2023-46748) are being actively exploited by attackers. Public proof-of-concept (PoC) code for the RCE vulnerability is available, which could increase the risk of exploitation. On November 10, 2023, security experts issued alerts about the ongoing exploitation of these vulnerabilities, as well as of an unrelated vulnerability in Citrix (CVE-2023-4966).
In response to these threats, F5 Networks has released hotfixes to address the vulnerabilities, including CVE-2023-46747. The company has provided these fixes via its official website, urging users to apply them immediately to mitigate the risk of unauthorized access and potential system compromise. It is crucial for all organizations using affected F5 BIG-IP modules to update their systems promptly to protect against these serious security vulnerabilities.
Description last updated: 2024-03-17T13:16:36.016Z