F5 BIG-IP Shared Auth Bypass (CVE-2023-46747) for 2023-05-26

Last Updated: 12:00 UTC

CVE-2023-46747 is an authentication bypass via /mgmt/shared/authn/ in the F5 BIG-IP Configuration Utility. When chained with CVE-2023-46748 (SQL injection in the same component) the combination achieves unauthenticated RCE on BIG-IP appliances.

CVE References

CVE-2023-46747

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

• /mgmt/shared/authn/login

Attackers by Country

IP Address : ASN : City/Provider

• 185.180.143.48 : AS211680 nsec - sistemas informaticos s.a. : Portugal