Tech company F5 has warned customers about a critical authentication bypass vulnerability impacting its BIG-IP product line that could result in unauthenticated remote code execution.<\/p>\n
F5 provides services focused on security, reliability, and performance. BIG-IP is a collection of hardware platforms and software solutions that provides a wide range of services, including load balancing, web application firewall, access control, and DDoS protection.<\/p>\n
Two security researchers<\/a> found a critical vulnerability in the configuration utility of several versions of BIG-IP:<\/p>\n In a post, F5 said<\/a>:<\/p>\n “This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and\/or self IP addresses to execute arbitrary system commands.”<\/p>\n<\/blockquote>\n F5 also said customers can also use iHealth<\/a> to check if they are vulnerable.<\/p>\n The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. This CVEs is listed as:<\/p>\n CVE-2023-46747<\/a> (CVSS<\/a> score 9.8 out of 10): Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and\/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.<\/p>\n BIG-IP defines a self IP address as an IP address on the BIG-IP system that you associate with a virtual local area network (VLAN), to access hosts in that VLAN. A customer normally assigns self IP addresses to a VLAN when they initially run the Setup utility on a BIG-IP system.<\/p>\n An authentication bypass happens when someone claims to have a given identity, but the software does not prove or insufficiently proves that the claim is correct.<\/p>\n Remote code execution (RCE) is when an attacker accesses a target computing device and makes changes remotely, no matter where the device is located.<\/p>\n In general you can say that if the BIG-IP Traffic Management User Interface is exposed to the internet, then the system in question is impacted. It’s estimated that there are over 6,000 external-facing instances of the application.<\/p>\n The researchers say exploitation of the vulnerability could lead to a total compromise of the F5 system by executing arbitrary commands as root on the target system.<\/p>\n “A seemingly low impact request smuggling bug can become a serious issue when two different services offload authentication responsibilities onto each other.”<\/p>\n<\/blockquote>\n If you are running a vulnerable version, F5 has a list of updates here<\/a>.<\/p>\n If you can’t install a fixed version for any reason, then F5 advises you can block Configuration utility access through self IP addresses<\/a> or block Configuration utility access through the management interface<\/a>.<\/p>\n We don\u2019t just report on vulnerabilities\u2014we identify them, and prioritize action.<\/strong><\/p>\n Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management<\/a>.<\/p>\n\n
\n
\n
Actions<\/h3>\n
\n