Exploit for #VU82544 Authentication bypass using an alternate path or channel in BIG-IP and BIG-IQ Centralized Management

Published: 2023-11-02 | Updated: 2023-12-19

Vulnerability identifier: #VU82544

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-46747

CWE-ID: CWE-288

Exploitation vector: Network

Exploits in database: 2

December 19, 2023
- CVE-2023-46747-RCE (exploit for f5-big-ip RCE cve-2023-46747) [Github]
November 2, 2023
- F5 BIG-IP TMUI AJP Smuggling RCE [Metasploit]

Impact: Code execution

Vulnerable software:
BIG-IP
Hardware solutions / Firmware
BIG-IQ Centralized Management
Server applications / Remote management servers, RDP, SSH

Vendor: F5 Networks