Critical vulnerability in F5 BIG-IP under active exploitation

The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian.
This critical Apache JServ Protocol (AJP) smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility last week, but it was not the only flaw disclosed. Among the others was CVE-2023-46748, an SQL injection vulnerability with an 8.8 severity score.
Michael Weber, co-author of the Praetorian research that first publicized the AJP smuggling vulnerability last week, said he suspects F5 knew a larger exploit chain was on the horizon, based on a report handed to the company by a second researcher around two weeks before Praetorian disclosed the flaw to F5. "Interestingly enough, the in-the-wild exploitation is using the SQL injection vulnerability in conjunction with the AJP request smuggling attack to achieve access," he said on Mastodon.
Researchers often delay or withhold key parts of vulnerability research from public release for fear that attackers will use the reports to reverse engineer an exploit for a given vulnerability before patches can be applied.
The same was true of Praetorian's research from October 26, which omitted many of the key details of how its researchers were able to achieve remote code execution by exploiting the AJP smuggling vulnerability.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/01/f5_bigip_critical_vulnerability/
Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK
---|---|---|---|---
2023-10-26 | CVE-2023-46748 | SQL Injection vulnerability in F5 products | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.8
2023-10-26 | CVE-2023-46747 | Missing Authentication for Critical Function vulnerability in F5 products | Undisclosed requests may bypass Configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 9.8