Critical vulnerability in F5 BIG-IP under active exploitation


Vulnerabilities in F5's BIG-IP suite are already being exploited after proof-of-concept (PoC) code began circulating online.

The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the first limited-detail research was published by Praetorian.

This critical Apache JServ Protocol (AJP) smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility last week. It was then bundled into a much larger advisory containing many other CVEs affecting the product line.

Among these was CVE-2023-46748, an SQL injection vulnerability with an 8.8 severity score. While F5 didn't reveal the scale of exploitation, it did say that the AJP smuggling and SQL injection flaws are being exploited together.

Michael Weber, co-author of the Praetorian research that first publicized the AJP smuggling vulnerability last week, said he suspects F5 knew a larger exploit chain was on the horizon, based on the report handed to the company by a second researcher about two weeks before Praetorian disclosed it to F5.

"Interestingly enough, the in-the-wild exploitation is using the SQL injection vulnerability (CVE-2023-46748) in conjunction with the AJP request smuggling attack to achieve access," he said on Mastodon. "This vulnerability was also included in the same KB advisory as the AJP request smuggling attack.

"Originally I wasn't sure if the SQL injection vuln report was from the other security researcher(s) who had also reported the AJP request smuggling issue to F5, but given the way this is being exploited in the wild it sure looks like this is the case."


Researchers often delay or withhold key parts of vulnerability research from becoming public knowledge for fear that attackers will use the reports to reverse engineer an exploit for a given vulnerability before patches can be applied.

The long-teased vulnerabilities in curl adopted this approach, allowing a week-long grace period in which member distributions could remediate the issue without fear of exploits being developed before fixes could be applied.

The same was true of Praetorian's research from October 26, which omitted many of the key details of how its researchers were able to achieve remote code execution (RCE) by exploiting the AJP smuggling vulnerability.

Regardless, the first PoC appeared online within days of the incomplete research report being published.

Project Discovery researchers Harsh Jaiswal and Rahul Maini were the first to create and publish a working PoC exploit, which was released on October 29.

Weber said in a separate post that he and his team spotted a single CISA server exposed to the vulnerability, which was quickly taken down after he notified the agency, but many in the telecoms sector remain open to attack.

"For what it's worth, at a glance there wasn't anything super insane exposed on the internet when we did a check. We did find one cisa.gov server, which we notified them about, and it was taken down before the ball started rolling on this stuff. Lots and lots of telecoms though." ®