F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an exploit chain.
Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution. A proof-of-concept (PoC) exploit has since been made available by ProjectDiscovery.
It impacts the following versions of the software –
- 17.1. (Fixed in 17.1..3 + Hotfix-BIGIP-17.1..3..75.4-ENG)
- 16.1. – 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1..50.5-ENG)
- 15.1. – 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2..44.2-ENG)
- 14.1. – 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6..10.6-ENG)
- 13.1. – 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1..20.2-ENG)
Now the company is alerting that it has “observed threat actors using this vulnerability to exploit CVE-2023-46748,” which refers to an authenticated SQL injection vulnerability in the BIG-IP Configuration utility.
“This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands,” F5 noted in an advisory for CVE-2023-46748 (CVSS score: 8.8).
In other words, bad actors are chaining the two flaws to run arbitrary system commands. To check for indicators of compromise (IoCs) associated with the SQL injection flaw, users are advised to check the /var/log/tomcat/catalina.out file for suspicious entries like the ones below:
…
java.sql.SQLException: Column not found: .
{…)
sh: no job control in this shell
sh-4.2$
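One way to automate that log check, as an added example that is not part of the original article or of F5's advisory: the script flags the SQLException entry and any shell job-control or prompt lines in a Tomcat log, and raises the severity when the shell lines follow the SQL error closely. The severity labels, the five-line window and the sample log are assumptions made for illustration.

```python
import re
import sys

SQL_ERROR = re.compile(r"java\.sql\.SQLException: Column not found")
# Shell job-control warning or an interactive sh prompt written into the Tomcat log.
SHELL_ARTIFACT = re.compile(r"^(sh: no job control in this shell|sh-\d+\.\d+\$)")


def scan_catalina(lines, window=5):
    """Return (line_no, severity, text) for entries matching the IoC pattern.

    high   : shell artifact within `window` lines after the SQL error
    medium : shell artifact with no nearby SQL error
    low    : the SQL error on its own
    (Severity names and window size are assumptions of this example.)
    """
    findings = []
    last_sql = None  # line number of the most recent SQL error
    for no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        if SQL_ERROR.search(line):
            last_sql = no
            findings.append((no, "low", line))
        elif SHELL_ARTIFACT.match(line):
            near = last_sql is not None and no - last_sql <= window
            findings.append((no, "high" if near else "medium", line))
    return findings


# Constructed sample log, not a real capture; EXAMPLE is a placeholder value.
SAMPLE = """\
INFO: Server startup in 8123 ms
java.sql.SQLException: Column not found: EXAMPLE
{...)
sh: no job control in this shell
sh-4.2$
INFO: Reloading context
""".splitlines()

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path given on the command line, e.g. /var/log/tomcat/catalina.out
        with open(sys.argv[1], errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE
    for no, sev, text in scan_catalina(source):
        print(f"{sev:6} line {no}: {text}")
```

Run with the log path as the only argument; with no argument it scans the constructed sample.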
Some parts of this article are sourced from:
thehackernews.com