Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:AF8EBC70-23B1-472B-907F-6A347F26F2FF
HistoryOct 26, 2023 - 12:00 a.m.

CVE-2023-46748

2023-10-2600:00:00
attackerkb.com
8
cve-2023-46748
big-ip configuration utility
authenticated sql injection
arbitrary system commands
cisa kev
end of technical support
network access

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which

may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Recent assessments:

cbeek-r7 at November 01, 2023 6:54am UTC reported:

CISA KEV listed

Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 3

Related

cve 1
prion 1
nessus 2
cvelist 1
nvd 1
cisa_kev 2
thn 1
f5 3
cve
cve
CVE-2023-46748
2023-10-26 21:15:08
prion
prion
Sql injection
2023-10-26 21:15:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP Configuration utility authenticated SQL injection vulnerability (K000137365)
2023-11-02 00:00:00
F5 Networks BIG-IP : Multiple Vulnerabilities (K000137353, K000137365)
2023-10-27 00:00:00
cvelist
cvelist
CVE-2023-46748 BIG-IP Configuration utility authenticated SQL injection vulnerability
2023-10-26 20:05:04
nvd
nvd
CVE-2023-46748
2023-10-26 21:15:08
cisa_kev
cisa_kev
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
2023-10-31 00:00:00
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
2023-10-31 00:00:00
thn
thn
Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
2023-11-01 04:53:00
f5
f5
K000137368 : Overview of F5 vulnerabilities (October 26, 2023)
2023-10-26 00:00:00
K000137365 : BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748
2023-10-26 00:00:00
K000137353 : BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747
2023-10-26 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON
Related for AKB:AF8EBC70-23B1-472B-907F-6A347F26F2FF
cve1prion1nessus2cvelist1nvd1cisa_kev2thn1f53