Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2023-46747
PUBLISHED
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
- Vendor: F5
- Product: BIG-IP
- Published: Oct 26, 2023
- EPSS: —
Description
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Oct 31, 2023 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/f5_bigip_tmui_rce_cve_2023_46747.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-46747.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-11-03 13:31:11 UTC · 3 stars
An Exploitation script developed to exploit the CVE-2023-46747 which is Pre Auth Remote Code Execution of f5-BIG Ip products
github · Created 2023-11-01 14:57:20 UTC · 2 stars
github · Created 2023-11-01 09:31:05 UTC · 203 stars
exploit for f5-big-ip RCE cve-2023-46747
github · Created 2023-10-30 15:50:46 UTC · 9 stars
F5 BIG-IP unauthenticated remote code execution (RCE) and authentication bypass vulnerability!
Timeline
- CVE ID Reserved
- CVE Published to Public
- Exploit Used in Malware
- Added to KEVIntel
- Detected by Nuclei
- Detected by Metasploit