CVE Vulnerabilities

CVE-2023-46747

Authentication Bypass Using an Alternate Path or Channel

Published: Oct 26, 2023 | Modified: Apr 02, 2025
CVSS 3.x: 9.8 CRITICAL
Source: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Weakness

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big-ip_access_policy_manager | F5 | 13.1.0 (including) | 13.1.5 (including) |
| Big-ip_access_policy_manager | F5 | 14.1.0 (including) | 14.1.5 (including) |
| Big-ip_access_policy_manager | F5 | 15.1.0 (including) | 15.1.10 (including) |
| Big-ip_access_policy_manager | F5 | 16.1.0 (including) | 16.1.4 (including) |
| Big-ip_access_policy_manager | F5 | 17.1.0 (including) | 17.1.1 (including) |
