ET EXPLOIT F5 BIG-IP - Password Reset Attempt - Observed Post CVE-2023-46747 Activity - Suricata Rule 2049257 (et/open)

ET EXPLOIT F5 BIG-IP - Password Reset Attempt - Observed Post CVE-2023-46747 Activity

SID: 2049257Rev: 352 viewsHistory

Sourceet/open

CreatedNovember 20, 2023

UpdatedJanuary 20, 2026

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT F5 BIG-IP - Password Reset Attempt - Observed Post CVE-2023-46747 Activity"; flow:established,to_server; flowbits:set,ET.CVE-2023-46747.pw.request; http.method; content:"PATCH"; http.uri; content:"/mgmt/tm/auth/user/"; startswith; fast_pattern; http.request_body; content:"|22|password|22|"; reference:url,packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html; classtype:attempted-admin; sid:2049257; rev:3; metadata:affected_product F5, attack_target Networking_Equipment, created_at 2023_11_20, deployment Perimeter, deployment SSLDecrypt, former_category INFO, performance_impact Low, confidence High, signature_severity Minor, tag CISA_KEV, updated_at 2026_01_20; target:dest_ip;)

References

url	packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html

Metadata

affected productF5

attack targetNetworking_Equipment

created at2023_11_20

deploymentSSLDecrypt

former categoryINFO

performance impactLow

confidenceHigh

signature severityMinor

tagCISA_KEV

updated at2026_01_20

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!