Python script to test if an F5 BIG-IP is vulnerable to CVE-2023-46747

Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.

Short Description

Python script to test if an F5 BIG-IP is vulnerable to CVE-2023-46747

Problem solved by this Code Snippet

This script can help to determine if an F5 BIG-IP is vulnerable to K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747.

How to use this Code Snippet

Download the script and run it with Python 3. The script takes the F5 BIG-IP management IP address as its only argument.

$ ./test_cve-2023-46747.py 10.23.92.6
Connecting to 10.23.92.6:443.
Connected to 10.23.92.6:443.
Send HTTP-request trying to add an account.
Try to login with new account.
Login successful.
Server 10.23.92.6 is vulnerable to CVE-2023-46747.
$

Code Snippet Meta Information

  1. Version: 0.1
  2. Coding Language: Python

Full Code Snippet

https://github.com/nvansluis/test_cve-2023-46747 

Published Nov 02, 2023
Version 1.0
  • Nice! I see that you used the socket Python library, as the requests or http.client libraries are good for HTTP API requests but not so much for HTTP attacks, as they have constraints like not allowing multiple Host headers etc.

  • Thanks! You're right, I had to use the socket library to be able to send raw HTTP commands that are not RFC-compliant.