The U.S. Cybersecurity and Infrastructure Security Agency (CISA) the vulnerabilities and in BIG-IP to its .
CISA has the two new vulnerabilities to its , based on evidence of active exploitation. The two issues are:
Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure.
On October 30, F5 updated its original warning that threat actors are actively exploiting the vulnerability. The attackers chain the vulnerability with another flaw in BIG-IP’s configuration utility tracked as (CVSS score of 8.8).
F5 also released indicators-of-compromise (IoCs) to help defenders to identify potential compromises.
“F5 has observed threat actors using this vulnerability to exploit CVE-2023-46748.” . “For indicators of compromise for CVE-2023-46748, please refer to .”
Praetorian Security its blog with additional technical info after the Project Discovery team released the .
According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this flaw by November 21, 2023.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, CISA)