F5 BIG-IP Vulnerabilities actively exploited by hacker groups

published: Nov. 2, 2023

Take action: If you are using F5 BIG-IP and still haven't patched it, start ASAP. Hackers are already scanning for your systems.

F5 Networks reported two critical security flaws in its BIG-IP product line that could permit unauthorized SQL injection and remote code execution.

The two issues are tracked as CVE-2023-46747 (CVSS2 score 9.8), an RCE flaw, and CVE-2023-46748 (CVSS3 score 8.8), a SQL injection flaw.

The RCE flaw, CVE-2023-46747, is particularly problematic because it can be used at the initial stages of a cyberattack. The SQL injection flaw, cataloged as CVE-2023-46748, requires the attacker to have authenticated access to the targeted BIG-IP system, which means the attacker needs valid user credentials. This flaw can be combined with the first flaw for a more complex attack.

The Cybersecurity and Infrastructure Security Agency (CISA) has reported that both vulnerabilities have been exploited. This claim is confirmed by a noticeable surge in internet scans for vulnerable BIG-IP devices, as evidenced by data from the Greynoise service, indicating a heightened interest among cybercriminals following the vulnerabilities' disclosure.

Given the popularity of BIG-IP systems, hoping that hackers will overlook yours is not a viable security strategy. While patch management can be complex, especially across numerous systems, the risks of delay are significant.
