ET EXPLOIT F5 BIG-IP - Successful Password Reset Attempt - Observed Post CVE-2023-46747 Activity - Suricata Rule 2049258 (et/open)

ET EXPLOIT F5 BIG-IP - Successful Password Reset Attempt - Observed Post CVE-2023-46747 Activity

SID: 2049258Rev: 336 viewsHistory

Sourceet/open

CreatedNovember 20, 2023

UpdatedJanuary 20, 2026

Classificationsuccessful-admin

alert http $HOME_NET any -> any any (msg:"ET EXPLOIT F5 BIG-IP - Successful Password Reset Attempt - Observed Post CVE-2023-46747 Activity"; flow:established,to_client; flowbits:isset,ET.CVE-2023-46747.pw.request; http.stat_code; content:"200"; http.response_body; content:"/mgmt/tm/auth/user/"; content:"|22|description|22|"; content:"|22|encryptedPassword|22|"; content:"|22|role|22|"; reference:url,packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html; classtype:successful-admin; sid:2049258; rev:3; metadata:attack_target Networking_Equipment, created_at 2023_11_20, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Critical, tag CISA_KEV, updated_at 2026_01_20; target:src_ip;)

References

url	packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html

Metadata

attack targetNetworking_Equipment

created at2023_11_20

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityCritical

tagCISA_KEV

updated at2026_01_20

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!