From fc38640dabe45d23e4e724ce14dd559d879fb6c6 Mon Sep 17 00:00:00 2001 From: vcartman Date: Mon, 20 Nov 2023 15:33:48 +0100 Subject: [PATCH] Update _cases/2023/DIVD-2023-00040.md Co-authored-by: Frank Breedijk --- _cases/2023/DIVD-2023-00040.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2023/DIVD-2023-00040.md b/_cases/2023/DIVD-2023-00040.md index 3705dffd..85cf43d2 100644 --- a/_cases/2023/DIVD-2023-00040.md +++ b/_cases/2023/DIVD-2023-00040.md 
@@ -44,7 +44,7 @@ timeline: event: "First version of this casefile" --- ## Summary -On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability in BIG-IP's Traffic Management User Interface (TMUI). This vulnerability is also tracked as CVE-2023-46747, with a CVSS v3.1 score of 9.8. This vulnerability is exploitable if the TMUI is exposed to the internet. A threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system command. On October 30, 2023, F5 updated the security advisory in order to warn about active exploitation in the wild. +On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability in BIG-IP's Traffic Management User Interface (TMUI). This vulnerability is also tracked as {% cve CVE-2023-46747 %}, with a CVSS v3.1 score of 9.8. This vulnerability is exploitable if the TMUI (managmenet web interface) is exposed to the internet. A threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. On October 30, 2023, F5 updated the security advisory in order to warn about active exploitation in the wild. ## What you can do For starters, it is recommended to restrict access to the Configuration Utility to only trusted networks or devices. F5 introduced Hotfixes in order to fix this issue. F5 provided as well a script that works as workaround to mitigate this vulnerability. This script should only be used if you are not able to apply the relevant security hotfix or you are not able to upgrade to a version that has a security hotfix. However, this script CANNOT be used on any BIG-IP versions prior to 14.1.0. ## What we are doing
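Review bot: the `+` line in this hunk introduces a spelling error in the new parenthetical, "(managmenet web interface)", which should read "(management web interface)"; please fix that before merging, since the Summary is the most-read part of the casefile. The other changes on the same line, wrapping the identifier in the `{% cve CVE-2023-46747 %}` tag and correcting "arbitrary system command" to "arbitrary system commands", look right. Note that the hunk only updates the Summary paragraph; the "What you can do" text that follows is unchanged context, so the wording "Hotfixes" and "workaround" there is out of scope for this review.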