Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability


F5 is alerting users to active exploitation of a severe security flaw in BIG-IP, less than a week after the flaw was made public. Exploitation might lead to the execution of arbitrary system commands as part of an exploit chain. F5 stated in an advisory for CVE-2023-46748 (CVSS score: 8.8) that “this vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.”

The vulnerability, identified as CVE-2023-46747 (CVSS score: 9.8), enables code execution by an unauthenticated attacker who has network access to the BIG-IP system via the management port. ProjectDiscovery has since released a proof-of-concept (PoC) exploit.
