F5 Warns of Active Attacks Targeting BIG-IP SQL Injection Vulnerability

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748. This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands. F5 Networks has categorized this issue under CWE-89, indicating an ‘Improper Neutralization of Special Elements used in an SQL Command’ (SQL Injection) problem.

The Vulnerability Details

The vulnerability enables authenticated attackers with access to the BIG-IP Configuration utility through the management port and/or self-IP addresses to inject malicious SQL commands. Although this issue affects the control plane and not the data plane, the possibility of unauthorized command execution raises serious concerns about system security.

Source: GBHackers

 

