Dear All,
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution.
The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10.
https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html
From the advisory: "this is a control plane issue only." In other words, it is an attack against the management interface. The important reminder for all of us (even those who are not F5 customers) is that management interfaces should only be accessible to those who need to manage the device.
Even the login prompt itself ought to be whitelisted to the source-IP addresses where your admins are likely to be (office subnet, VPN addresses, etc.). The goal is to prevent an actor from staging an authentication bypass attack against a particularly powerful interface.
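The source-IP gating described in the post above, as an added example that is not part of the original thread and not F5 code: a management-interface request is checked against an admin allowlist before any login form is served, so an unauthenticated request from outside those ranges never reaches the authentication code path. The subnets, the trusted proxy address and the request samples are constructed for illustration. The one edge case worth getting right is the X-Forwarded-For header, which is attacker-controlled unless the TCP peer is a proxy you operate; the check below only honours it in that case.

```python
import ipaddress
from typing import Optional

# Constructed example allowlist (assumed values): the subnets from which
# admins are expected to reach the management interface.
ADMIN_SOURCES = [
    ipaddress.ip_network("10.10.0.0/24"),      # office subnet (assumed)
    ipaddress.ip_network("192.168.100.0/24"),  # VPN address pool (assumed)
]

# Reverse proxies whose X-Forwarded-For header we are willing to believe
# (assumed value). Any other peer claiming a forwarded address is treated
# as the peer itself.
TRUSTED_PROXIES = [ipaddress.ip_network("10.10.1.5/32")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def effective_client_ip(peer_ip: str, forwarded_for: Optional[str] = None):
    """Return the address that should be evaluated against the allowlist.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy.
    With several comma-separated entries, the right-most one is the address
    that proxy actually saw; everything to its left was supplied by earlier,
    possibly untrusted, hops.
    """
    peer = ipaddress.ip_address(peer_ip)
    if forwarded_for and _in_any(peer, TRUSTED_PROXIES):
        last_hop = forwarded_for.split(",")[-1].strip()
        return ipaddress.ip_address(last_hop)
    return peer


def management_access_allowed(peer_ip: str, forwarded_for: Optional[str] = None,
                              allowlist=ADMIN_SOURCES) -> bool:
    """True only if the effective source address lies inside an admin subnet.

    A malformed peer address or header is a deny, never an allow.
    """
    try:
        client = effective_client_ip(peer_ip, forwarded_for)
    except ValueError:
        return False
    return _in_any(client, allowlist)


def gate_request(peer_ip: str, forwarded_for: Optional[str] = None) -> int:
    """Decision for one inbound request to the management UI.

    Returns an HTTP status to send back: 403 before any login form is
    served, 200 when the request may proceed to the (still authenticated)
    management application.
    """
    if not management_access_allowed(peer_ip, forwarded_for):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For header).
    samples = [
        ("10.10.0.42", None),                        # admin on the office LAN
        ("203.0.113.7", None),                       # Internet source
        ("203.0.113.7", "10.10.0.42"),               # spoofed header, untrusted peer
        ("10.10.1.5", "203.0.113.7, 192.168.100.9"), # VPN user via trusted proxy
        ("10.10.1.5", "192.168.100.9, 203.0.113.7"), # Internet user via trusted proxy
    ]
    for peer, xff in samples:
        print(f"peer={peer:<12} xff={str(xff):<28} -> {gate_request(peer, xff)}")
```

The same decision belongs as close to the network edge as possible (an upstream firewall rule or the device's own management-interface allowlist) rather than only in application code; the point of the check is that the login prompt, and with it any bug in the code behind it, is simply not reachable from elsewhere.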
Hi @denbesten
Thanks for sharing your thoughts and comments and suggestions.