F5 BIG-IP Shared Auth Bypass (CVE-2023-46747) for 2022-05-09

Last Updated: 12:00 UTC

CVE-2023-46747 is an authentication bypass via /mgmt/shared/authn/ in the F5 BIG-IP Configuration Utility. Chained with CVE-2023-46748 (SQL injection in the same component), it achieves unauthenticated RCE on BIG-IP appliances.

CVE References

CVE-2023-46747

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

  • /mgmt/shared/authn/login

Attackers by Country

IP Address : ASN : City/Provider

  • 64.62.197.142 : AS6939 hurricane electric llc : United States of America