cve/2023/CVE-2023-46747.md

### [CVE-2023-46747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46747)
![](https://img.shields.io/static/v1?label=Product&message=BIG-IP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)

### Description

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

### POC

#### Reference
- http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html

#### Github
- https://github.com/0xMarcio/cve
- https://github.com/AliBrTab/CVE-2023-46747-POC
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/GhostTroops/TOP
- https://github.com/MD-SEC/MDPOCS
- https://github.com/Marco-zcl/POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RevoltSecurities/CVE-2023-22518
- https://github.com/RevoltSecurities/CVE-2023-22527
- https://github.com/RevoltSecurities/CVE-2023-46747
- https://github.com/Threekiii/CVE
- https://github.com/W01fh4cker/CVE-2023-46747-RCE
- https://github.com/bhaveshharmalkar/learn365
- https://github.com/bijaysenihang/CVE-2023-46747-Mass-RCE
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/f1tao/awesome-iot-security-resource
- https://github.com/fu2x2000/CVE-2023-46747
- https://github.com/getdrive/PoC
- https://github.com/hktalent/TOP
- https://github.com/irgoncalves/awesome-security-articles
- https://github.com/maniak-academy/Mitigate-CVE-2023-46747
- https://github.com/nitish778191/fitness_app
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nvansluis/test_cve-2023-46747
- https://github.com/sanjai-AK47/CVE-2023-22518
- https://github.com/sanjai-AK47/CVE-2023-22527
- https://github.com/sanjai-AK47/CVE-2023-46747
- https://github.com/tanjiti/sec_profile
- https://github.com/vidura2/cve-2023-46747
- https://github.com/wjlin0/poc-doc
- https://github.com/wy876/POC
- https://github.com/xingchennb/POC-
- https://github.com/y4v4z/CVE-2023-46747-POC
-												Update Sat May 25 21:48:12 CEST 2024

											
										
										
											2024-05-25 21:48:12 +02:00
+								### [CVE-2023-46747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46747)
 								![](https://img.shields.io/static/v1?label=Product&message=BIG-IP&color=blue)
 								![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 								![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
 								### Description
 								Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
 								### POC
 								#### Reference
 								- http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html
 								#### Github
-												Update CVE sources 2024-06-22 09:37

											
										
										
											2024-06-22 09:37:59 +00:00
+								- https://github.com/0xMarcio/cve
-												Update Sat May 25 21:48:12 CEST 2024

											
										
										
											2024-05-25 21:48:12 +02:00
+								- https://github.com/AliBrTab/CVE-2023-46747-POC
 								- https://github.com/CVEDB/awesome-cve-repo
 								- https://github.com/CVEDB/top
 								- https://github.com/GhostTroops/TOP
 								- https://github.com/MD-SEC/MDPOCS
 								- https://github.com/Marco-zcl/POC
 								- https://github.com/Ostorlab/KEV
 								- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
-												Update CVE sources 2024-05-28 08:49

											
										
										
											2024-05-28 08:49:17 +00:00
+								- https://github.com/RevoltSecurities/CVE-2023-22518
 								- https://github.com/RevoltSecurities/CVE-2023-22527
 								- https://github.com/RevoltSecurities/CVE-2023-46747
-												Update Sat May 25 21:48:12 CEST 2024

											
										
										
											2024-05-25 21:48:12 +02:00
+								- https://github.com/Threekiii/CVE
 								- https://github.com/W01fh4cker/CVE-2023-46747-RCE
 								- https://github.com/bhaveshharmalkar/learn365
 								- https://github.com/bijaysenihang/CVE-2023-46747-Mass-RCE
 								- https://github.com/d4n-sec/d4n-sec.github.io
 								- https://github.com/f1tao/awesome-iot-security-resource
 								- https://github.com/fu2x2000/CVE-2023-46747
 								- https://github.com/getdrive/PoC
 								- https://github.com/hktalent/TOP
 								- https://github.com/irgoncalves/awesome-security-articles
 								- https://github.com/maniak-academy/Mitigate-CVE-2023-46747
-												Update CVE sources 2024-08-05 18:41

											
										
										
											2024-08-05 18:41:32 +00:00
+								- https://github.com/nitish778191/fitness_app
-												Update Sat May 25 21:48:12 CEST 2024

											
										
										
											2024-05-25 21:48:12 +02:00
+								- https://github.com/nomi-sec/PoC-in-GitHub
 								- https://github.com/nvansluis/test_cve-2023-46747
 								- https://github.com/sanjai-AK47/CVE-2023-22518
 								- https://github.com/sanjai-AK47/CVE-2023-22527
 								- https://github.com/sanjai-AK47/CVE-2023-46747
 								- https://github.com/tanjiti/sec_profile
 								- https://github.com/vidura2/cve-2023-46747
-												Update CVE sources 2024-05-28 08:49

											
										
										
											2024-05-28 08:49:17 +00:00
+								- https://github.com/wjlin0/poc-doc
-												Update Sat May 25 21:48:12 CEST 2024

											
										
										
											2024-05-25 21:48:12 +02:00
+								- https://github.com/wy876/POC
 								- https://github.com/xingchennb/POC-
 								- https://github.com/y4v4z/CVE-2023-46747-POC