Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

November 1, 2023 at 02:11AM F5 has warned of active exploitation of a critical security flaw in BIG-IP, allowing attackers to execute arbitrary system commands. The vulnerability, tracked as CVE-2023-46747, affects several versions of the software. Additionally, F5 has observed threat actors using this vulnerability in conjunction with CVE-2023-46748, an authenticated SQL injection flaw. Users …

Attackers Exploiting Critical F5 BIG-IP Vulnerability

October 31, 2023 at 11:51AM Hackers are actively exploiting a critical vulnerability in F5’s BIG-IP product, just five days after its disclosure. The flaw allows for remote code execution and unauthorized access. F5 has released hotfixes and is urging customers to install them immediately. Attackers are also exploiting another vulnerability in BIG-IP’s configuration utility. F5 …

F5 hurriedly squashes BIG-IP remote code execution bug

October 27, 2023 at 01:39PM F5 has released a fix for a critical remote code execution (RCE) vulnerability in its BIG-IP suite, marked with a severity score of 9.8 out of 10. The vulnerability, tracked as CVE-2023-46747, could allow attackers to compromise the system. F5 has advised users to upgrade affected versions to the latest …

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

October 27, 2023 at 11:17AM A critical vulnerability, CVE-2023-46747, has been discovered in the F5 BIG-IP configuration utility. It allows unauthenticated remote code execution by attackers with remote access to the utility. The vulnerability has a CVSS v3.1 score of 9.8. Devices with the Traffic Management User Interface exposed to the internet are at risk. …

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

October 27, 2023 at 10:43AM F5 has issued a warning to customers about a critical vulnerability in its BIG-IP product. The vulnerability, tracked as CVE-2023-46747, allows an unauthenticated attacker to remotely execute arbitrary code. The flaw is closely related to a request smuggling issue in the Apache HTTP Server and can be exploited to gain …