F5 has notified customers of a serious security flaw in BIG-IP that could lead to unauthenticated remote code execution. The problem lies in the configuration utility component; it has been assigned the identifier CVE-2023-46747 and a CVSS score of 9.8 out of a possible 10.
“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands,” F5 stated in a Thursday alert. “There is no data plane exposure; this is a control plane issue only.”