CVE-2023-46747 F5 BIG-IP Exploit | Authentication Bypass

Python, by Prapattimynk

File: CVE-2023-46747 F5 BIG-IP Exploit
Publisher: Prapattimynk
Genre: Exploits And POCs
Size: 400kb
File Type: Python
OS: All

If you exploited any, the user: codeb0ss / pass: codeb0ss

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.

According to the blog post by researchers at Praetorian, a request smuggling vulnerability, CVE-2022-26377 affecting Apache HTTP Server, was acknowledged by F5 in a KB article, but never fixed. This gave the researchers an avenue for exploitation, and in their blog post they detailed that an Apache JServ Protocol (AJP) smuggling bug was leveraged as part of the device compromise to bypass authentication and achieve code execution as the root user. While their blog post contained limited technical details as of October 27, additional details are expected to be released at a later date, once organizations have had adequate time to apply the patch.


