CVE-2023-46747
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

Overview

CVE-2023-46747 is a critical authentication bypass vulnerability affecting F5 BIG-IP's Configuration utility (TMUI). Discovered and disclosed in October 2023, this vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. The vulnerability affects multiple versions of BIG-IP including versions 13.1.0-13.1.5, 14.1.0-14.1.5, 15.1.0-15.1.10, 16.1.0-16.1.4, and 17.1.0 (F5 Advisory, Tenable Blog).

Technical details

The vulnerability stems from a request smuggling issue related to the Apache JServ Protocol (AJP). The exploit leverages CVE-2022-26377, an HTTP request smuggling vulnerability in Apache HTTP Server's mod_proxy_ajp module. The attack involves sending specially crafted requests carrying a 'Transfer-Encoding: chunked, chunked' header, which causes the frontend and backend services to interpret the message boundaries differently. The vulnerability received a CVSS v3.1 base score of 9.8 (CRITICAL) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Praetorian Blog).
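The following is an added detection example, not code from the F5 advisory or any vendor tool: it parses raw HTTP request heads and flags the ambiguous message-framing patterns described above (a duplicated 'chunked' transfer coding, a repeated Transfer-Encoding header, or Transfer-Encoding combined with Content-Length), which is what a reverse proxy or log-review job in front of the Configuration utility would want to surface. The sample requests, the host name and the request path are constructed for illustration.

```python
"""Flag HTTP requests with ambiguous message framing (added example; constructed samples)."""
from typing import Dict, List, Tuple

# Transfer codings a conforming client would normally send; anything else is flagged.
KNOWN_CODINGS = {"chunked", "gzip", "deflate", "compress", "identity", "br"}


def parse_head(raw: str) -> Tuple[str, Dict[str, List[str]]]:
    """Split a raw HTTP request into (request line, headers).

    Header names are lower-cased and repeated headers keep every value,
    so a header that appears twice can be detected later.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    request_line = lines[0]
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # not a header field; ignore
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return request_line, headers


def framing_findings(raw: str) -> List[str]:
    """Return the reasons this request's framing is ambiguous (empty list = nothing suspicious)."""
    _, headers = parse_head(raw)
    te_lines = headers.get("transfer-encoding", [])
    # Flatten repeated header lines and comma-separated lists into one ordered token list.
    codings = [c.strip().lower() for line in te_lines for c in line.split(",") if c.strip()]
    findings: List[str] = []
    if len(te_lines) > 1:
        findings.append("Transfer-Encoding header repeated")
    if codings.count("chunked") > 1:
        findings.append("duplicate 'chunked' transfer coding")
    if "chunked" in codings and codings[-1] != "chunked":
        findings.append("'chunked' is not the final transfer coding")
    if codings and "content-length" in headers:
        findings.append("Transfer-Encoding and Content-Length both present")
    unknown = sorted(set(codings) - KNOWN_CODINGS)
    if unknown:
        findings.append("unrecognised transfer coding: " + ", ".join(unknown))
    return findings


def scan_requests(requests: Dict[str, str]) -> Dict[str, List[str]]:
    """Run framing_findings over a named batch of raw requests."""
    return {name: framing_findings(raw) for name, raw in requests.items()}


# Constructed sample requests (host and path are placeholders, not real targets).
SAMPLE_REQUESTS = {
    "benign": ("POST /example HTTP/1.1\r\nHost: bigip.example.internal\r\n"
               "Content-Length: 5\r\n\r\nhello"),
    "double_chunked": ("POST /example HTTP/1.1\r\nHost: bigip.example.internal\r\n"
                       "Transfer-Encoding: chunked, chunked\r\n\r\n0\r\n\r\n"),
    "te_and_cl": ("POST /example HTTP/1.1\r\nHost: bigip.example.internal\r\n"
                  "Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"),
    "repeated_header": ("POST /example HTTP/1.1\r\nHost: bigip.example.internal\r\n"
                        "Transfer-Encoding: chunked\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"),
}

if __name__ == "__main__":
    for name, findings in scan_requests(SAMPLE_REQUESTS).items():
        print(f"{name}: {'ALERT: ' + '; '.join(findings) if findings else 'ok'}")
```

The checks are deliberately broader than the single header value named in the text: any request where two parsers could disagree on where the body ends is worth an alert, because the frontend/backend desynchronisation is the root of the smuggling issue, not the specific token pair.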

Impact

The vulnerability allows attackers to bypass authentication and execute arbitrary system commands with root privileges. This can lead to complete compromise of affected F5 BIG-IP systems, potentially allowing attackers to gain full administrative access and control over the device (Tenable Blog).

Mitigation and workarounds

F5 has released hotfixes for affected versions and provided a mitigation script for versions 14.1.0 and later. The mitigation script should not be used on versions prior to 14.1.0 or if FIPS 140-2 Compliant Mode license is in use. Organizations are advised to either apply the available patches immediately or implement the recommended mitigation steps, which include blocking access to the Configuration utility through self-IP addresses or the management interface (F5 Advisory).
