Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-46748
HistoryOct 26, 2023 - 9:15 p.m.

CVE-2023-46748

2023-10-2621:15:08
CWE-89
[email protected]
web.nvd.nist.gov
177
In Wild
21
cve-2023-46748
sql injection
big-ip configuration utility
vulnerability
authenticated attacker
network access
arbitrary system commands
nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which

may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected configurations

NVD
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
OR
f5big-ip_access_policy_managerRange14.1.0–14.1.5
OR
f5big-ip_access_policy_managerRange15.1.0–15.1.10
OR
f5big-ip_access_policy_managerRange16.1.0–16.1.4
OR
f5big-ip_access_policy_managerRange17.1.0–17.1.1
Node
f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
OR
f5big-ip_advanced_firewall_managerRange14.1.0–14.1.5
OR
f5big-ip_advanced_firewall_managerRange15.1.0–15.1.10
OR
f5big-ip_advanced_firewall_managerRange16.1.0–16.1.4
OR
f5big-ip_advanced_firewall_managerRange17.1.0–17.1.1
Node
f5big-ip_carrier-grade_natRange13.1.0–13.1.5
OR
f5big-ip_carrier-grade_natRange14.1.0–14.1.5
OR
f5big-ip_carrier-grade_natRange15.1.0–15.1.10
OR
f5big-ip_carrier-grade_natRange16.1.0–16.1.4
OR
f5big-ip_carrier-grade_natRange17.1.0–17.1.1
Node
f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
OR
f5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5
OR
f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.10
OR
f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4
OR
f5big-ip_ddos_hybrid_defenderRange17.1.0–17.1.1
Node
f5big-ip_ssl_orchestratorRange13.1.0–13.1.5
OR
f5big-ip_ssl_orchestratorRange14.1.0–14.1.5
OR
f5big-ip_ssl_orchestratorRange15.1.0–15.1.10
OR
f5big-ip_ssl_orchestratorRange16.1.0–16.1.4
OR
f5big-ip_ssl_orchestratorRange17.1.0–17.1.1
Node
f5big-ip_local_traffic_managerRange13.1.0–13.1.5
OR
f5big-ip_local_traffic_managerRange14.1.0–14.1.5
OR
f5big-ip_local_traffic_managerRange15.1.0–15.1.10
OR
f5big-ip_local_traffic_managerRange16.1.0–16.1.4
OR
f5big-ip_local_traffic_managerRange17.1.0–17.1.1
Node
f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
OR
f5big-ip_policy_enforcement_managerRange14.1.0–14.1.5
OR
f5big-ip_policy_enforcement_managerRange15.1.0–15.1.10
OR
f5big-ip_policy_enforcement_managerRange16.1.0–16.1.4
OR
f5big-ip_policy_enforcement_managerRange17.1.0–17.1.1
Node
f5big-ip_automation_toolchainRange13.1.0–13.1.5
OR
f5big-ip_automation_toolchainRange14.1.0–14.1.5
OR
f5big-ip_automation_toolchainRange15.1.0–15.1.10
OR
f5big-ip_automation_toolchainRange16.1.0–16.1.4
OR
f5big-ip_automation_toolchainRange17.1.0–17.1.1
Node
f5big-ip_container_ingress_servicesRange13.1.0–13.1.5
OR
f5big-ip_container_ingress_servicesRange14.1.0–14.1.5
OR
f5big-ip_container_ingress_servicesRange15.1.0–15.1.10
OR
f5big-ip_container_ingress_servicesRange16.1.0–16.1.4
OR
f5big-ip_container_ingress_servicesRange17.1.0–17.1.1
Node
f5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5
OR
f5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5
OR
f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.10
OR
f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4
OR
f5big-ip_advanced_web_application_firewallRange17.1.0–17.1.1
Node
f5big-ip_domain_name_systemRange13.1.0–13.1.5
OR
f5big-ip_domain_name_systemRange14.1.0–14.1.5
OR
f5big-ip_domain_name_systemRange15.1.0–15.1.10
OR
f5big-ip_domain_name_systemRange16.1.0–16.1.4
OR
f5big-ip_domain_name_systemRange17.1.0–17.1.1
Node
f5big-ip_application_security_managerRange13.1.0–13.1.5
OR
f5big-ip_application_security_managerRange14.1.0–14.1.5
OR
f5big-ip_application_security_managerRange15.1.0–15.1.10
OR
f5big-ip_application_security_managerRange16.1.0–16.1.4
OR
f5big-ip_application_security_managerRange17.1.0–17.1.1
Node
f5big-ip_analyticsRange13.1.0–13.1.5
OR
f5big-ip_analyticsRange14.1.0–14.1.5
OR
f5big-ip_analyticsRange15.1.0–15.1.10
OR
f5big-ip_analyticsRange16.1.0–16.1.4
OR
f5big-ip_analyticsRange17.1.0–17.1.1
Node
f5big-ip_application_acceleration_managerRange13.1.0–13.1.5
OR
f5big-ip_application_acceleration_managerRange14.1.0–14.1.5
OR
f5big-ip_application_acceleration_managerRange15.1.0–15.1.10
OR
f5big-ip_application_acceleration_managerRange16.1.0–16.1.4
OR
f5big-ip_application_acceleration_managerRange17.1.0–17.1.1
Node
f5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5
OR
f5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5
OR
f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.10
OR
f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4
OR
f5big-ip_application_visibility_and_reportingRange17.1.0–17.1.1
Node
f5big-ip_fraud_protection_servicesRange13.1.0–13.1.5
OR
f5big-ip_fraud_protection_servicesRange14.1.0–14.1.5
OR
f5big-ip_fraud_protection_servicesRange15.1.0–15.1.10
OR
f5big-ip_fraud_protection_servicesRange16.1.0–16.1.4
OR
f5big-ip_fraud_protection_servicesRange17.1.0–17.1.1
Node
f5big-ip_global_traffic_managerRange13.1.0–13.1.5
OR
f5big-ip_global_traffic_managerRange14.1.0–14.1.5
OR
f5big-ip_global_traffic_managerRange15.1.0–15.1.10
OR
f5big-ip_global_traffic_managerRange16.1.0–16.1.4
OR
f5big-ip_global_traffic_managerRange17.1.0–17.1.1
Node
f5big-ip_link_controllerRange13.1.0–13.1.5
OR
f5big-ip_link_controllerRange14.1.0–14.1.5
OR
f5big-ip_link_controllerRange15.1.0–15.1.10
OR
f5big-ip_link_controllerRange16.1.0–16.1.4
OR
f5big-ip_link_controllerRange17.1.0–17.1.1
Node
f5big-ip_webacceleratorRange13.1.0–13.1.5
OR
f5big-ip_webacceleratorRange14.1.0–14.1.5
OR
f5big-ip_webacceleratorRange15.1.0–15.1.10
OR
f5big-ip_webacceleratorRange16.1.0–16.1.4
OR
f5big-ip_webacceleratorRange17.1.0–17.1.1
Node
f5big-ip_websafeRange13.1.0–13.1.5
OR
f5big-ip_websafeRange14.1.0–14.1.5
OR
f5big-ip_websafeRange15.1.0–15.1.10
OR
f5big-ip_websafeRange16.1.0–16.1.4
OR
f5big-ip_websafeRange17.1.0–17.1.1

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "All Modules"
    ],
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "changes": [
          {
            "at": "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG.iso",
            "status": "unaffected"
          },
          {
            "at": "Hotfix-BIGIP-17.1.1.0.2.6-ENG.iso",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "17.1.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "16.1.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG.iso",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "15.1.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "14.1.0",
        "versionType": "semver"
      },
      {
        "changes": [
          {
            "at": "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG.iso",
            "status": "unaffected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "13.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Social References

More

Related

prion 1
cvelist 1
nvd 1
nessus 2
attackerkb 1
f5 3
cisa_kev 2
thn 1
prion
prion
Sql injection
2023-10-26 21:15:00
cvelist
cvelist
CVE-2023-46748 BIG-IP Configuration utility authenticated SQL injection vulnerability
2023-10-26 20:05:04
nvd
nvd
CVE-2023-46748
2023-10-26 21:15:08
nessus
nessus
F5 Networks BIG-IP : BIG-IP Configuration utility authenticated SQL injection vulnerability (K000137365)
2023-11-02 00:00:00
F5 Networks BIG-IP : Multiple Vulnerabilities (K000137353, K000137365)
2023-10-27 00:00:00
attackerkb
attackerkb
CVE-2023-46748
2023-10-26 00:00:00
f5
f5
K000137368 : Overview of F5 vulnerabilities (October 26, 2023)
2023-10-26 00:00:00
K000137365 : BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748
2023-10-26 00:00:00
K000137353 : BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747
2023-10-26 00:00:00
cisa_kev
cisa_kev
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
2023-10-31 00:00:00
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
2023-10-31 00:00:00
thn
thn
Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
2023-11-01 04:53:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON
Related for CVE-2023-46748
prion1cvelist1nvd1nessus2attackerkb1f53cisa_kev2thn1