F5 is warning of active exploitation of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an exploit chain.
Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution. A proof-of-concept (PoC) exploit has since been made available by ProjectDiscovery.
It impacts the following versions of the software –
- 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG)
- 16.1.0 – 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG)
- 15.1.0 – 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG)
- 14.1.0 – 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG)
- 13.1.0 – 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG)
Now the company is alerting that it has “observed threat actors using this vulnerability to exploit CVE-2023-46748,” which refers to an authenticated SQL injection vulnerability in the BIG-IP Configuration utility.
“This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands,” F5 noted in an advisory for CVE-2023-46748 (CVSS score: 8.8).
In other words, bad actors are chaining the two flaws to run arbitrary system commands. To check for indicators of compromise (IoCs) associated with the SQL injection flaw, users are recommended to check the /var/log/tomcat/catalina.out file for suspicious entries like the one below –
{...} java.sql.SQLException: Column not found: 0. {...} sh: no job control in this shell sh-4.2$ <EXECUTED SHELL COMMAND> sh-4.2$ exit
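As an added example (not from F5 or the article), the following Python scans catalina.out-style lines for the three indicators the advisory describes: the `Column not found: 0` SQLException, the `sh: no job control in this shell` message, and an interactive `sh-N.N$` prompt with its command. The sample log is constructed for illustration; the Tomcat line prefix is assumed, not copied from a real device.

```python
import re
from typing import Iterable, List, Tuple

# Indicators described for CVE-2023-46748 abuse in /var/log/tomcat/catalina.out.
SQL_ERROR = re.compile(r"java\.sql\.SQLException: Column not found: 0")
SHELL_SPAWN = re.compile(r"sh: no job control in this shell")
# Tomcat should never emit an interactive shell prompt; any hit is suspicious.
SHELL_PROMPT = re.compile(r"^sh-\d+\.\d+\$ (.*)$")


def find_indicators(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, reason) for every line matching an indicator.

    A prompt is flagged even without a preceding SQLException, since a shell
    appearing in the Tomcat log is itself a sign of command execution.
    """
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        if SQL_ERROR.search(line):
            hits.append((n, "SQLException from injected query"))
        if SHELL_SPAWN.search(line):
            hits.append((n, "shell spawned from Tomcat process"))
        m = SHELL_PROMPT.search(line)
        if m:
            hits.append((n, f"command run via shell: {m.group(1)!r}"))
    return hits


def scan_file(path: str = "/var/log/tomcat/catalina.out") -> List[Tuple[int, str]]:
    """Scan a catalina.out file on disk (path is the one F5 names)."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return find_indicators(f)


# Constructed sample: one benign startup line, then the chain from the advisory.
SAMPLE_LOG = """\
31-Oct-2023 10:15:02.123 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 2345 ms
31-Oct-2023 10:20:11.456 SEVERE [http-nio-8443-exec-3] {...} java.sql.SQLException: Column not found: 0. {...}
sh: no job control in this shell
sh-4.2$ <command redacted>
sh-4.2$ exit
31-Oct-2023 10:21:00.000 INFO [http-nio-8443-exec-4] routine request handled
"""

if __name__ == "__main__":
    for lineno, reason in find_indicators(SAMPLE_LOG.splitlines()):
        print(f"line {lineno}: {reason}")
```

Run it against the real file with `scan_file()`; an empty result means none of the three indicators appeared, not that the device is clean.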
The Shadowserver Foundation, in a post on X (formerly Twitter), said it has been “seeing F5 BIG-IP CVE-2023-46747 attempts in our honeypot sensors” since October 30, 2023, making it imperative that users move quickly to apply the fixes.