Security News > 2023 > November > Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
2023-11-01 04:53
F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution
News URL
https://thehackernews.com/2023/11/alert-f5-warns-of-active-attacks.html
Related news
- CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- FortiManager critical vulnerability under active attack (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-46747 | Missing Authentication for Critical Function vulnerability in F5 products Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 9.8 |