Have some code. Share some code.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.

Short Description

Python script to test if a F5 BIG-IP is vulnerable to cve-2023-46747

Problem solved by this Code Snippet

This script can help to determine if a F5 BIG-IP is vulernable to K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747. 

How to use this Code Snippet

Download the script and run it with Python 3. This script takes as input the F5 BIG-IP management IP-adres.

$ ./
Connecting to
Connected to
Send HTTP-request trying to add an account.
Try to login with new account.
Login successful.
Server is vulnerable to CVE-2023-46747.

Code Snippet Meta Information

  1. Version: 0.1
  2. Coding Language: Python

Full Code Snippet 


Nice! I see that you used the sockets python library as the requests or http.client libraries are good for HTTP API requests but not so much for HTTP attacks as they have constraints like not allowing multiple Host headers etc.

Thanks! You're right, I had to use the socket library to be able to send raw HTTP commands that are not RFC-compliant. 

Version history
Last update:
‎02-Nov-2023 09:27
Updated by: