Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Oct 30, 2023
Solved

BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

F5 annaounce new CVE and there is ENG hotfix only. But there is mitigation as mentioned in below link : https://my.f5.com/manage/s/article/K000137353 where step 1 was: 1-Copy the script below (or ...
application delivery
security
Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
Oct 31, 2023

For step 1: In the example the /root directory is used for the script. So you can save the script in the /root directory.

For step 3: you can also use the following command to create the mitigation.txt.md5 file:

echo 'baeb2859223dba55737f445f1e86a56a  mitigation.txt' > /root/mitigation.txt.md5

Execution of the script doesn't affect the WAF or make the BIG-IP offline. The article says: Impact of procedure: Performing the following procedure has no impact on data plane traffic.