Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Project Subscriptions

Vendors Products
Big-ip Access Policy Manager Subscribe
Big-ip Advanced Firewall Manager Subscribe
Big-ip Advanced Web Application Firewall Subscribe
Big-ip Analytics Subscribe
Big-ip Application Acceleration Manager Subscribe
Big-ip Application Security Manager Subscribe
Big-ip Application Visibility And Reporting Subscribe
Big-ip Automation Toolchain Subscribe
Big-ip Carrier-grade Nat Subscribe
Big-ip Container Ingress Services Subscribe
Big-ip Ddos Hybrid Defender Subscribe
Big-ip Domain Name System Subscribe
Big-ip Fraud Protection Services Subscribe
Big-ip Global Traffic Manager Subscribe
Big-ip Link Controller Subscribe
Big-ip Local Traffic Manager Subscribe
Big-ip Policy Enforcement Manager Subscribe
Big-ip Ssl Orchestrator Subscribe
Big-ip Webaccelerator Subscribe
Big-ip Websafe Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 21 Oct 2025 23:30:00 +0000


Tue, 21 Oct 2025 20:30:00 +0000


Tue, 21 Oct 2025 19:30:00 +0000


Wed, 30 Jul 2025 02:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'Yes', 'Exploitation': 'active', 'Technical Impact': 'Total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Feb 2025 17:30:00 +0000

Type Values Removed Values Added
Description Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Mon, 10 Feb 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'Yes', 'Exploitation': 'active', 'Technical Impact': 'Total'}, 'version': '2.0.3'}


Mon, 03 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2023-10-31'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-10-21T23:05:33.431Z

Reserved: 2023-10-25T18:51:34.198Z

Link: CVE-2023-46747

cve-icon Vulnrichment

Updated: 2024-08-02T20:53:21.594Z

cve-icon NVD

Status : Analyzed

Published: 2023-10-26T21:15:08.097

Modified: 2025-10-27T17:07:09.063

Link: CVE-2023-46747

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses