CVE-2023-46747

CVE Database · CVE-2023-46747

CVE-2023-46747

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

96.52%

Published

Oct 26, 2023

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2023-10-31 · Due: 2023-11-21

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (10)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCW01fh4cker/CVE-2023-46747-RCE★208 GitHub PoCnvansluis/test_cve-2023-46747★7 GitHub PoCRazzlemouse/F5-BIG-IP-SmuggleShell-CVE-2023-46747-Exploit★4 GitHub PoCRevoltSecurities/CVE-2023-46747★3 GitHub PoCmaniak-academy/Mitigate-CVE-2023-46747★2 GitHub PoCvidura2/cve-2023-46747★2 GitHub PoCfu2x2000/CVE-2023-46747★0 GitHub PoCrainbowhatrkn/CVE-2023-46747-RCE★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-288CWE-306

Affected Products (100)

f5 · big-ip_access_policy_managervulnerable