F5 BIG-IP Vulnerabilities actively exploited by hacker groups
Take action: If you are using F5 BIG-IP and still haven't patched it, start ASAP. Hackers are already scanning for your systems.
F5 Networks reported two critical security flaws within their BIG-IP product line that could potentially permit unauthorized SQL injections and remote code execution.
The RCE flaw is particularly problematic because it can be utilized at the initial stages of a cyberattack. The SQL injection flaw, cataloged as CVE-2023-46748, requires the attacker to have authenticated access to the targeted BIG-IP system, which means the attacker needs valid user credentials. This flaw can be combined with the first flaw for a more complex attack.
The Cybersecurity and Infrastructure Security Agency (CISA) has reported that both vulnerabilities have been exploited. This claim is confirmed by a noticeable surge in internet scans for vulnerable BIG-IP devices, as evidenced by data from the Greynoise service, indicating a heightened interest among cybercriminals following the vulnerabilities' disclosure.
Given the popularity of the BIG-IP systems, hoping that hackers will overlook your systems is not a viable security strategy. While patch management can be complex, especially across numerous systems, the risks of delay are significant.