Critical Security Flaw Detected in F5 BIG-IP Systems
F5 Networks has issued an urgent warning regarding significant exploitation of a recently disclosed vulnerability in its BIG-IP product line. The alert comes less than a week after the vulnerability was made public, highlighting active abuse that allows cybercriminals to execute arbitrary system commands via an exploit chain.
The vulnerability, identified as CVE-2023-46747, carries a notably high CVSS score of 9.8, indicating its critical nature. This weakness enables unauthenticated attackers with access to the BIG-IP management port to execute arbitrary code on the system. A proof-of-concept exploit has already been made available by ProjectDiscovery, raising alarms about the potential for widespread abuse.
The impact of this vulnerability affects several versions of the software, particularly those in the 17.1, 16.1, 15.1, 14.1, and 13.1 series. F5 has provided fixes in the form of updates and hotfixes for affected versions, underscoring the urgency for users to upgrade their systems to mitigate the risk.
Furthermore, F5 is alerting users to an additional risk associated with CVE-2023-46748, which pertains to an authenticated SQL injection vulnerability within the BIG-IP Configuration utility. This secondary vulnerability, possessing a CVSS score of 8.8, can serve as a means for attackers who gain initial access to run arbitrary commands on the system.
The ongoing exploits show a concerning trend of threat actors chaining these vulnerabilities to maximize their impact. To combat this, users are advised to inspect their system logs, specifically looking at the /var/log/tomcat/catalina.out file for any suspicious entries that could indicate an attack.
The Shadowserver Foundation has noted an increase in attempts to exploit CVE-2023-46747, with such activities detected in their honeypot sensors since October 30, 2023. This underlines the necessity for prompt action from organizations to implement the recommended patches.
In light of these developments, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, reinforcing the stance that federal agencies must apply vendor-provided patches by November 21, 2023. This action is part of a broader initiative to bolster cybersecurity measures as threats evolve.
In conclusion, businesses utilizing F5 BIG-IP devices are strongly encouraged to assess their systems for vulnerabilities and take immediate corrective actions. As threats become increasingly sophisticated, a proactive approach to cybersecurity is essential in safeguarding organizational assets from malicious exploitation.
