CVE-2023-46748 - F5 BIG-IP Configuration Utility SQL Injection Vulnerability
CVE-2023-46748
F5 | BIG-IP Configuration Utility
- Date Added:
- 2023-10-31
- Due Date:
- 2023-11-21
- Vulnerability Name
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
- Description
F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- https://my.f5.com/manage/s/article/K000137365 ; https://nvd.nist.gov/vuln/detail/CVE-2023-46748
- Related News Articles
Free security scan for your website