Published on 02 Nov 2023 | Updated on 02 Nov 2023
F5 has released security updates to address a critical vulnerability (CVE-2023-46747) in their BIG-IP Traffic Management User Interface (TMUI). The vulnerability is reportedly being actively exploited and has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Successful exploitation of the vulnerability could allow an unauthenticated attacker with network access to the BIG-IP system through the management port to perform arbitrary code execution.
The vulnerability affects the following product versions:
Users and administrators of affected product versions are advised to update to the latest versions immediately.
If immediate patching is not possible, or you are currently on Version 17.1.1, which is still pending an engineering hotfix, you are advised to perform the mitigation steps listed here: https://my.f5.com/manage/s/article/K000137353
More information is available here: