Commit
Update _cases/2023/DIVD-2023-00040.md
Co-authored-by: Frank Breedijk <[email protected]>
vcartman and MrSeccubus authored Nov 20, 2023
1 parent 1d2c474 commit 0adc409
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions _cases/2023/DIVD-2023-00040.md
@@ -46,7 +46,9 @@ timeline:
## Summary

On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability in BIG-IP's Traffic Management User Interface (TMUI). This vulnerability is also tracked as {% cve CVE-2023-46747 %}, with a CVSS v3.1 score of 9.8. This vulnerability is exploitable if the TMUI (managmenet web interface) is exposed to the internet. A threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. On October 30, 2023, F5 updated the security advisory in order to warn about active exploitation in the wild.

## What you can do

For starters, it is recommended to restrict access to the Configuration Utility to only trusted networks or devices. F5 introduced Hotfixes in order to fix this issue. F5 provided as well a script that works as workaround to mitigate this vulnerability. This script should only be used if you are not able to apply the relevant security hotfix or you are not able to upgrade to a version that has a security hotfix. However, this script CANNOT be used on any BIG-IP versions prior to 14.1.0.
## What we are doing
DIVD is currently scanning for vulnerable instances connected to the public Internet. Owners of vulnerable systems will receive a notification with instructions to update their system.
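Review bot: the added `## What we are doing` heading is not separated from the surrounding text by blank lines the way `## Summary` and `## What you can do` are in this same hunk; add an empty line before the heading and one after it so the section renders consistently with the rest of the case file. While touching this region, the context line in the summary still reads "managmenet web interface", which could be corrected to "management web interface" in the same change.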
