CISA and F5 Warn of BIG-IP Security Vulnerabilities Under Active Exploit

F5 has issued an urgent warning to organizations about the active exploitation of two critical security vulnerabilities in BIG-IP, CVE-2023-46747, and CVE-2023-46748. These vulnerabilities could be exploited by attackers to gain remote access to BIG-IP systems and execute arbitrary code.

CVE-2023-46747 is an unauthenticated remote code execution vulnerability that allows attackers with network access to the BIG-IP management port to achieve code execution. Further intensifying the issue, ProjectDiscovery released a proof-of-concept exploit, effectively providing potential malicious actors a roadmap to exploit the flaw.

CVE-2023-46748 is an authenticated SQL injection vulnerability in the BIG-IP Configuration utility that could allow authenticated attackers with network access to the Configuration utility to execute arbitrary system commands.

Both of these vulnerabilities are rated as critical with a CVSS score of 9.8 and 8.8, respectively. This means that they are very easy to exploit and could have a devastating impact on organizations that are affected.

“F5 has observed threat actors using this vulnerability to exploit CVE-2023-46748,” the company warned.

Recognizing the magnitude of the threats these vulnerabilities present, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has fast-tracked these security flaws to its Known Exploited Vulnerabilities (KEV) catalog. With evidence pointing towards active exploitation in the wild, the urgency for action is undeniable.

In a move to fortify the nation’s digital infrastructure, Federal Civilian Executive Branch (FCEB) agencies are under the gun with a deadline of November 21, 2023, to implement patches safeguarding their networks against these looming threats.

F5 has released patches for both vulnerabilities, and organizations are strongly urged to apply them as soon as possible. If patching is not possible immediately, organizations can take the following mitigation steps:

• Restrict access to the BIG-IP management port and/or self-IP addresses. This will limit the number of attackers who can exploit the vulnerabilities.
• Implement strong authentication and authorization controls for the BIG-IP Configuration utility. This will help to prevent attackers from exploiting the SQL injection vulnerability.
• Monitor BIG-IP systems for suspicious activity. If any suspicious activity is detected, organizations should take steps to investigate and remediate the issue immediately.