F5 BIG-IP Shared Auth Bypass (CVE-2023-46747) for 2026-02-18

Last Updated: 16:45 UTC

CVE-2023-46747 is an authentication bypass via /mgmt/shared/authn/ in the F5 BIG-IP Configuration Utility. When chained with CVE-2023-46748 (SQL injection in the same component) the combination achieves unauthenticated RCE on BIG-IP appliances.

CVE References

CVE-2023-46747

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

• /mgmt/shared/authn/login

Attackers by Country

IP Address : ASN : City/Provider

• 185.180.140.6 : ASNone : Portugal

• 185.180.143.48 : AS211680 nsec - sistemas informaticos s.a. : Portugal

• 45.146.165.168 : AS49505 ooo network of data-centers selectel : Moscow

• 64.62.197.142 : AS6939 hurricane electric llc : United States of America

• 65.49.20.93 : AS6939 hurricane electric llc : San Francisco