Fortra’s Alert Logic is actively researching a vulnerability in the F5 BIG-IP system (CVE-2023-46747). This vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution through HTTP request smuggling.
F5 has published fixes for this vulnerability and urges administrators to update their BIG-IP installation to a version delivering the fix.
Who is affected?
Customers running the following versions of BIG-IP are vulnerable to this attack.
- 17.1.0 - 17.1.1
- 16.1.0 - 16.1.4
- 15.1.0 - 15.1.10
- 14.1.0 - 14.1.5
- 13.1.0 - 13.1.5
What can I do?
F5 has released hotfixes for the following versions of BIG-IP.
Customers are urged to update their version and apply the hotfix released by F5. For more information about vulnerable versions and released fixes, refer to F5’s security advisory.
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities in addition to those listed below.
Network IDS: Alert Logic has released IDS telemetry signatures to aid in detection research.
Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Vulnerability Scanning: Alert Logic released unauthenticated scan coverage to identify CVE-2023-46747 through banner detection. If the vulnerability is found, an exposure will be raised for CVE-2023-46747.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.