F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE).

About CVE-2023-46747

Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian Security, CVE-2023-46747 is a request smuggling bug in the Apache JServ Protocol (AJP) used by the vulnerable devices. “This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system …
The post F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747) appeared first on Help Net Security.