{"uuid": "d025192d-94e2-4290-be97-93d5825f68ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26377", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/192", "content": "Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747\n\n\ud83d\udc64 by Michael Weber and Thomas Hendrickson\n\nAs a result of the research researchers were able to identify an authentication bypass issue that led to complete compromise of an F5 system with the Traffic Management User Interface (TMUI) exposed. The bypass was assigned CVE-2023-46747, and is closely related to CVE-2022-26377. Like they recently reported Qlik RCE, the F5 vulnerability was also a request smuggling issue. In this blog authors will discuss their methodology for identifying the vulnerability, walk through the underlying issues that caused the bug, and explain the steps they took to turn the request smuggling into a critical risk issue. They will conclude with remediation steps and their thoughts on the overall process.\n\n\ud83d\udcdd Contents:\n\u25cf Overview\n\u25cf Mapping out the F5 BIG-IP Attack Surface\n\u25cf F5 Traffic Management User Interface (TMUI) Overview\n\u25cf Verifying AJP Smuggling\n\u25cf AJP Smuggling and Server Interpretation\n\u25cf But What To Do With the Smuggling?\n\u25cf Remediation\n\u25cf Conclusion\n\u25cf Disclosure Timeline\n\nhttps://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/", "creation_timestamp": "2023-10-27T05:50:12.000000Z"}