What We Do
How We Do
Get Started
Security advisories

F5 BIG-IP Vulnerabilities Exploited (CVE-2023-46747, CVE-2023-46748)

November 1, 2023 | 2 MINS READ

Speak With A Security Expert Now



On November 1st, 2023, F5 confirmed that two recently disclosed vulnerabilities are under active exploitation. Organizations using F5 BIG-IP products are strongly recommended to apply security patches for impacted products immediately, to minimize the likelihood of exploitation.

The two vulnerabilities that were disclosed by F5 on October 26th and are tracked as CVE-2023-46747 and CVE-2023-46748.

As exploitation has been confirmed, organizations using the BIG-IP product suite need to apply security patches or the alternative mitigations provided by F5 immediately.

What we’re doing about it

What you should do about it

Additional information

According to F5, CVE-2023-46747 and CVE-2023-46748 were observed, being chained together, in real-world attacks. No other details on exploitation or real-world attacks have been shared at this time.

An authenticated SQL injection vulnerability, CVE-2023-46748, has been discovered in the BIG-IP Configuration utility. This vulnerability allows an authenticated attacker, with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses, to execute arbitrary system commands. The vulnerability is a control plane issue only, and there's no data plane exposure.

An authenticated remote code execution vulnerability, CVE-2023-46747, has been identified in the BIG-IP configuration utility. This vulnerability permits an authenticated attacker, with network access to the configuration utility via the BIG-IP Management port and/or self IP addresses, to run arbitrary code on the system. The vulnerability impacts only the control plane, with no exposure to the data plane.

Fixes for CVE-2023-46748 are available for some versions and pending for others. Engineering hotfixes have been provided for affected BIG-IP versions.

The following BIG-IP versions have been identified as vulnerability to both CVE-2023-46747 and CVE-2023-46748:

Additionally, F5 observed threat actors using CVE-2023-46748 in combination with CVE-2023-46747. Indicators of compromise related to CVE-2023-46748 include specific entries in the /var/log/tomcat/catalina.out file.


[1] https://my.f5.com/manage/s/article/K000137353
[2] https://my.f5.com/manage/s/article/K000137365

View Most Recent Advisories