Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

November 1, 2023 at 02:11AM

F5 has warned of active exploitation of a critical security flaw in BIG-IP, allowing attackers to execute arbitrary system commands. The vulnerability, tracked as CVE-2023-46747, affects several versions of the software. Additionally, F5 has observed threat actors using this vulnerability in conjunction with CVE-2023-46748, an authenticated SQL injection flaw. Users should apply the recommended fixes and check for indicators of compromise associated with the SQL injection flaw.

Key Takeaways from Meeting Notes:

1. F5 has disclosed a critical security flaw (CVE-2023-46747) in BIG-IP software, which allows an unauthenticated attacker with network access to execute arbitrary system commands through the management port.
2. Proof-of-concept exploit (PoC) for CVE-2023-46747 has been made available by ProjectDiscovery.
3. Affected software versions include 17.1.0, 16.1.0 – 16.1.4, 15.1.0 – 15.1.10, 14.1.0 – 14.1.5, and 13.1.0 – 13.1.5.
4. Another vulnerability (CVE-2023-46748), an authenticated SQL injection flaw in the BIG-IP Configuration utility, has also been observed being exploited by threat actors.
5. The two vulnerabilities are being chained together to run arbitrary system commands.
6. Users are advised to check the /var/log/tomcat/catalina.out file for potential indicators of compromise related to the SQL injection flaw.
7. The Shadowserver Foundation has reported attempts of exploiting CVE-2023-46747 since October 30, 2023.
8. Urgent action is recommended to apply the fixes provided by F5.

Please let me know if there is anything else you would like to know.

Full Article