November 1, 2023 at 10:54AM
F5 is warning BIG-IP administrators that skilled hackers are exploiting recently disclosed vulnerabilities, erasing signs of their access and achieving stealthy code execution. Two critical vulnerabilities were identified, allowing authentication bypass and SQL injection, and F5 has urged admins to apply the available security updates. F5 has observed active exploitation in the wild. The Cybersecurity & Infrastructure Security Agency (CISA) has added the vulnerabilities to its catalog and advises applying updates. F5 has provided a script to mitigate the remote code execution flaw. Compromised systems may not all show the same indicators, and affected devices should be considered compromised.
Key takeaways:
1. F5 has issued a warning to BIG-IP admins about skilled hackers exploiting two recently disclosed vulnerabilities.
2. The vulnerabilities are an authentication bypass flaw (CVE-2023-46747) and an SQL injection flaw (CVE-2023-46748) in the Configuration utility.
3. The software vendor has updated its bulletins to warn of active exploitation in the wild.
4. CISA has added these vulnerabilities to its KEV catalog and urged federal government agencies to apply updates by November 21, 2023.
5. F5 has provided fixed versions for the impacted software.
6. F5 has published a script to help mitigate the Remote Code Execution (RCE) flaw.
7. Threat actors are using both flaws in combination, so applying the mitigation for one vulnerability may not be enough.
8. BIG-IP devices that haven’t been patched should be treated as compromised.
9. Admins of exposed BIG-IP devices should proceed with cleanup and restoration.