F5 has reported the active operation of a critical vulnerability in BIG-IP systems. This vulnerability, which has been designated as cve-2023-46747, is rated as critical with a score of 9.8 on the CVSS scale.
According to reports, this vulnerability has already been exploited in real hacker attacks. It allows for the execution of arbitrary system commands in the Big-IP product.
The security flaw affects multiple versions of the software, ranging from 13.1.0 to 17.1.0. However, fixes have been released for all affected versions.
In addition, F5 has also issued a warning about another vulnerability, known as cve-2023-46748. This vulnerability involves SQL infection and requires authentication in the Big-IP configuration utility.
Users are strongly advised to immediately install the released patches for both vulnerabilities. F5 has also provided instructions for users to check for signs of compromise related to the SQL infection vulnerability in their networks.
In a related development, Shadowserver Today reported that their honeypot-sensors have detected attacks related to the cve-2023-46747 vulnerability since October 30. They emphasized the critical importance of promptly updating systems to prevent these attacks.