Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in F5's BIG-IP Traffic Management User Interface (TMUI)
Alerts

Critical Vulnerability in F5's BIG-IP Traffic Management User Interface (TMUI)

2 November 2023

F5 has released security updates to address a critical vulnerability (CVE-2023-46747) in their BIG-IP Traffic Management User Interface (TMUI). The vulnerability is reportedly being actively exploited and has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow an unauthenticated attacker with network access to the BIG-IP system through the management port to perform arbitrary code execution.

 The vulnerability affects the following product versions:

  • Versions 17.1.0 - 17.1.1

  • Versions 16.1.0 - 16.1.4

  • Versions 15.1.0 - 15.1.10

  • Versions 14.1.0 - 14.1.5

  • Versions 13.1.0 - 13.1.5

Users and administrators of affected product versions are advised to update to the latest versions immediately.

If immediate patching is not possible, or you are currently on Version 17.1.1, which is still pending an engineering hotfix, you are advised to perform the mitigation steps listed here:  https://my.f5.com/manage/s/article/K000137353

More information is available here:

https://www.bleepingcomputer.com/news/security/hackers-exploit-recent-f5-big-ip-flaws-in-stealthy-attacks/

https://thehackernews.com/2023/11/alert-f5-warns-of-active-attacks.html 

https://my.f5.com/manage/s/article/K000137353

Back to top