Lucene search
F5F5:K000137365HistoryOct 26, 2023 - 12:00 a.m.
K000137365 : BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748
2023-10-2600:00:00
my.f5.com
6
authenticated
sql injection
big-ip
configuration utility
vulnerability
network access
arbitrary commands
control plane issue
0.972 High
EPSS
Percentile
99.8%
Security Advisory Description
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. (CVE-2023-46748)
Impact
This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. There is no data plane exposure; this is a control plane issue only.
Related
cisa_kev
cisa_kev
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
2023-10-31 00:00:00
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
2023-10-31 00:00:00
thn
thn
Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
2023-11-01 04:53:00
Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector
2023-12-22 05:34:00
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution
2023-10-27 04:23:00
nessus
nessus
f5
f5
cve
cve
CVE-2023-46748
2023-10-26 21:15:08
CVE-2023-46747
2023-10-26 21:15:08
prion
prion
Sql injection
2023-10-26 21:15:00
Design/Logic Flaw
2023-10-26 21:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-46748
2023-10-26 21:15:08
CVE-2023-46747
2023-10-26 21:15:08
githubexploit
githubexploit
cnvd
cnvd
F5 BIG-IP Remote Code Execution Vulnerability (CNVD-2023-82300)
2023-11-01 00:00:00
zdt
zdt
F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit
2023-11-10 00:00:00
packetstorm
packetstorm
F5 BIG-IP TMUI AJP Smuggling Remote Command Execution
2023-11-14 00:00:00
attackerkb
attackerkb
CVE-2023-46747
2023-10-26 00:00:00
CVE-2023-46748
2023-10-26 00:00:00
impervablog
impervablog
Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability
2023-10-27 14:45:37
metasploit
metasploit
F5 BIG-IP TMUI AJP Smuggling RCE
2023-10-31 13:55:18
malwarebytes
malwarebytes
nuclei
nuclei
F5 BIG-IP - Unauthenticated RCE via AJP Smuggling
2023-10-29 17:52:25