F5 BIG-IP remote user addition exploit that leverages the authorization bypass vulnerability as called out in CVE-2023-46747.
8e2ae8616e3f49ce4b6b8d7d60b60b5b38f7d2f1025eb35aadd47b408f83606c
This Metasploit module exploits a flaw in F5's BIG-IP Traffic Management User Interface (TMU) that enables an external, unauthenticated attacker to create an administrative user. Once the user is created, the module uses the new account to execute a command payload. Both the exploit and check methods automatically delete any temporary accounts that are created.
bcbdbabc4837b17bad9381305927746284c61e88f6b8675d316eecb578535b4d