
F5 fixes BIG-IP auth bypass permitting remote code execution attacks

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.

The flaw has received a CVSS v3.1 score of 9.8, rating it “critical,” as it can be exploited without authentication in low-complexity attacks.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands,” reads F5’s security bulletin.

Threat actors can only exploit devices that have the Traffic Management User Interface (TMUI) exposed to the internet, and the flaw does not affect the data plane.

However, as the TMUI is commonly exposed internally, a threat actor who has already compromised a network could exploit the flaw.

The affected BIG-IP versions are the following:

  • 17.x: 17.1.0
  • 16.x: 16.1.0 – 16.1.4
  • 15.x: 15.1.0 – 15.1.10
  • 14.x: 14.1.0 – 14.1.5
  • 13.x: 13.1.0 – 13.1.5

CVE-2023-46747 does not impact the BIG-IP Next, BIG-IQ Centralized Management, F5 Distributed Cloud Services, F5OS, NGINX, and Traffix SDC products.

Unsupported product versions that have reached EoL (end of life) have not been evaluated against CVE-2023-46747, so they may or may not be vulnerable.

Due to the risks involved in using those versions, the recommendation is to upgrade to a supported version as soon as possible.

Disclosure and fixing

The issue was discovered by Praetorian Security researchers Thomas Hendrickson and Michael Weber, who reported it to the vendor on October 5, 2023.

Praetorian shared more technical details on CVE-2023-46747 via a blog post, with the researchers promising to disclose the full exploitation details once system patching has picked up.

F5 confirmed that it had reproduced the vulnerability on October 12 and published the security update along with the advisory on October 26, 2023.

The recommended update versions that address the vulnerability are:

  • 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG
  • 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG
  • 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG
  • 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG
  • 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG

F5 has also provided a script in the advisory to help administrators who are unable to apply the available security update to mitigate the problem.

It should be noted that the script is only suitable for BIG-IP versions 14.1.0 and later. Also, caution is advised to those with a FIPS 140-2 Compliant Mode license, as the mitigation script can cause FIPS integrity check failures.
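As an added example (not from F5's advisory or the original article), the following Python triages an inventory of version strings against the affected ranges, recommended builds and mitigation-script cut-off listed above. It assumes only the first three version components are compared and that hotfix state is unknown, so a match means the hotfix or mitigation still has to be confirmed on the device; the function names and the sample inventory are constructed.

```python
# Added example: triage BIG-IP versions against the ranges listed in the article.
# Assumption: only major.minor.maintenance is compared; hotfix state is unknown.

# Inclusive (low, high) ranges copied from the affected-versions list.
AFFECTED = {
    17: ((17, 1, 0), (17, 1, 0)),
    16: ((16, 1, 0), (16, 1, 4)),
    15: ((15, 1, 0), (15, 1, 10)),
    14: ((14, 1, 0), (14, 1, 5)),
    13: ((13, 1, 0), (13, 1, 5)),
}
# Recommended builds from the article; each also needs its engineering hotfix.
FIXED = {17: "17.1.0.3", 16: "16.1.4.1", 15: "15.1.10.2",
         14: "14.1.5.6", 13: "13.1.5.1"}
SCRIPT_MIN = (14, 1, 0)  # mitigation script is only suitable for 14.1.0 and later


def parse(version):
    """Return (major, minor, maintenance) from a string such as '16.1.4.1'."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts[:3])


def triage(version):
    """Classify one version string and name the remediation options."""
    v = parse(version)
    rng = AFFECTED.get(v[0])
    if rng is None or not (rng[0] <= v <= rng[1]):
        # Outside the listed ranges: unaffected, or EoL and never evaluated.
        return {"version": version, "in_affected_range": False,
                "fixed_build": None, "script_ok": False,
                "action": "not in listed ranges; check support status"}
    script_ok = v >= SCRIPT_MIN
    action = f"confirm {FIXED[v[0]]} plus hotfix is installed"
    action += ", or run the mitigation script" if script_ok else \
        " (mitigation script not suitable)"
    return {"version": version, "in_affected_range": True,
            "fixed_build": FIXED[v[0]], "script_ok": script_ok, "action": action}


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    for ver in ["17.1.0", "16.1.4.1", "15.1.10", "13.1.3", "12.1.6"]:
        print(triage(ver))
```

A device reporting a build such as 16.1.4.1 is still flagged, because the recommended fix is that build plus the engineering hotfix and the version string alone does not show whether the hotfix is present.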

To apply the mitigation using the F5-provided script, follow the steps below:

  1. Download and save the script to the affected BIG-IP system
  2. Rename the .txt file to have the .sh extension, for example, ‘mitigation.sh’.
  3. Log in to the command line of the affected BIG-IP system as the root user
  4. Use the chmod utility to make the script executable (‘chmod +x /root/mitigation.sh && touch /root/mitigation.sh’)
  5. Execute the script with ‘/root/mitigation.sh’

VIPRION, vCMP guests on VIPRION, and BIG-IP tenants on VELOS must run the script individually on each blade.

If a management IP address hasn’t been assigned on each blade, you may connect to the serial console to run it.


As F5 BIG-IP devices are used by governments, Fortune 500 corporations, banks, service providers, and major consumer brands, it is strongly advised to apply any available fixes or mitigations to prevent the exploitation of these devices.

Praetorian also warns that the Traffic Management User Interface should never be exposed to the internet in the first place.

Unfortunately, the F5 BIG-IP TMUI has been exposed in the past, allowing attackers to exploit vulnerabilities to wipe devices and gain initial access to networks.
