F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution.
The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10.
“This vulnerability might let an unauthenticated attacker with network access to the BIG-IP system by means of the management port and/or self IP addresses to execute arbitrary system instructions,” F5 said in an advisory released Thursday. “There is no data plane exposure; this is a control plane issue only.”
The following versions of BIG-IP have been found to be vulnerable –
- 17.1. (Fixed in 17.1..3 + Hotfix-BIGIP-17.1..3..75.4-ENG)
- 16.1. – 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1..50.5-ENG)
- 15.1. – 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2..44.2-ENG)
- 14.1. – 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6..10.6-ENG)
- 13.1. – 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1..20.2-ENG)
As mitigations, F5 has also made available a shell script for users of BIG-IP versions 14.1. and later. “This script should not be used on any BIG-IP version prior to 14.1. or it will prevent the Configuration utility from starting,” the company warned.
Other temporary workarounds available to users are below –
- Block Configuration utility access through self IP addresses
- Block Configuration utility access through the management interface
Michael Weber and Thomas Hendrickson of Praetorian have been credited with discovering and reporting the vulnerability on Oct 4, 2023.
The cybersecurity company, in a technical report of its own, described CVE-2023-46747 as an authentication bypass issue that can lead to a total compromise of the F5 system by executing arbitrary commands as root on the target system, noting it is “closely related to CVE-2022-26377.”
Praetorian is also recommending that users restrict access to the Traffic Management User Interface (TMUI) from the internet. It’s worth noting that CVE-2023-46747 is the third unauthenticated remote code execution flaw uncovered in TMUI after CVE-2020-5902 and CVE-2022-1388.
“A seemingly low impact request smuggling bug can turn into a serious issue when two different services offload authentication tasks onto each other,” the researchers said. “Sending requests to the ‘backend’ service that assumes the ‘frontend’ dealt with authentication can lead to some interesting behavior.”
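The design point in the researchers' quote, as an added example that is not F5's or Praetorian's code: a backend that believes a frontend-set identity header, next to one that accepts the identity only with a fresh MAC computed by the frontend. The header names, the shared key and the 30-second freshness window are assumptions of this sketch, not details of BIG-IP.

```python
from __future__ import annotations

import hashlib
import hmac
import time

# Constructed values for this example only (hypothetical key and window).
SHARED_KEY = b"example-key-provisioned-to-frontend-and-backend"
MAX_AGE_SECONDS = 30


def _mac(user: str, ts: str) -> bytes:
    # ts is digits only, so the "|" separator cannot be confused with its content.
    return hmac.new(SHARED_KEY, f"{user}|{ts}".encode(), hashlib.sha256).hexdigest().encode()


def frontend_assert(user: str, now: float | None = None) -> dict:
    """Headers the frontend attaches after it has authenticated `user`."""
    ts = str(int(time.time() if now is None else now))
    return {"X-Auth-User": user, "X-Auth-Ts": ts, "X-Auth-Mac": _mac(user, ts).decode()}


def backend_trusting(headers: dict) -> str | None:
    """Weak: any request that reaches the backend carrying the header is believed."""
    return headers.get("X-Auth-User")


def backend_verifying(headers: dict, now: float | None = None) -> str | None:
    """Hardened: identity is accepted only with a valid, recent MAC from the frontend."""
    user = headers.get("X-Auth-User", "")
    ts = headers.get("X-Auth-Ts", "")
    mac = headers.get("X-Auth-Mac", "")
    if not (user and mac and ts.isascii() and ts.isdigit()):
        return None
    # Constant-time comparison of the presented MAC with the expected one.
    if not hmac.compare_digest(_mac(user, ts), mac.encode()):
        return None
    current = time.time() if now is None else now
    if abs(current - int(ts)) > MAX_AGE_SECONDS:
        return None  # stale assertion, reject
    return user
```

With the verifying backend, a request that bypasses or confuses the frontend arrives without a valid assertion and is treated as unauthenticated instead of inheriting the frontend's trust.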