Pierluigi Paganini November 01, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities CVE-2023-46747 and CVE-2023-46748 in BIG-IP to its Known Exploited Vulnerabilities catalog.
CISA has the two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The two issues are:
Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure.
On October 30, F5 updated its original advisory warning that threat actors are actively exploiting the vulnerability. The attackers chain the vulnerability with another flaw in BIG-IP’s configuration utility tracked as CVE-2023-46748 (CVSS score of 8.8).
F5 also released indicators-of-compromise (IoCs) to help defenders to identify potential compromises.
“F5 has observed threat actors using this vulnerability to exploit CVE-2023-46748.” states the advisory. “For indicators of compromise for CVE-2023-46748, please refer to K000137365: BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748.”
Praetorian Security updated its blog with additional technical info after the Project Discovery team released the proof of concept on Github.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this flaw by November 21, 2023.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)