On 26 October 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited a threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. CVE-2023-46747 is exploitable if the Traffic Management User Interface … CVE-2023-46747: Critical Unauthenticated RCE Vulnerability in F5 BIG-IP
Article Link: CVE-2023-46747: Critical Unauthenticated RCE Vulnerability in F5 BIG-IP | Arctic Wolf