all InfoSec news
F5 Patches Remote Code Execution Bug in BIG-IP
Malware Analysis, News and Indicators - Latest topics malware.news
F5 has released a fix for a critical-severity, unauthenticated remote code execution flaw in several versions of its BIG-IP security appliances.
The flaw (CVE-2023-46747) exists in the configuration utility of BIG-IP, and according to F5, certain (undisclosed) requests could enable attackers to bypass authentication methods for the utility, enabling them to potentially gain administrative privileges. The bug has a CVSS v3 score of 9.8 out of 10.
“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP …
attackers authentication authentication methods big big-ip bug bypass code code execution configuration critical cve enable fix flaw ip security patches remote code remote code execution requests security severity unauthenticated utility