Wednesday, May 22, 2024

F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748. 

This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands. 

F5 Networks has categorized this issue under CWE-89, indicating an ‘Improper Neutralization of Special Elements used in an SQL Command’ (SQL Injection) problem.

The Vulnerability Details

The vulnerability enables authenticated attackers with access to the BIG-IP Configuration utility through the management port and/or self-IP addresses to inject malicious SQL commands. 

Although this issue affects the control plane and not the data plane, the possibility of unauthorized command execution raises serious concerns about system security.

F5’s Response and Mitigation

F5 Networks has promptly responded to the issue by assigning an ID (1381357) to track the vulnerability. 

They have released an engineering hotfix for affected versions of the BIG-IP system that have not yet reached the End of Software Development. 

Customers impacted by this vulnerability are advised to download the hotfix from the MyF5 Downloads page.

However, since authenticated users carry out the attack, traditional mitigation techniques are limited. 

One suggested temporary measure is to limit access to the Configuration utility, allowing only trusted networks or devices. 

Users can block Configuration utility access through self-IP addresses, reducing the attack surface. 

F5 Networks provides detailed instructions for implementing these temporary mitigations, emphasizing the importance of limiting access for untrusted users.

Indicators of Compromise

F5 Networks has identified indicators of compromise related to this vulnerability. 

Entries in the /var/log/tomcat/catalina.out file, such as java.sql.SQLException and executed shell commands serve as potential signs of exploitation. 

Users are urged to remain vigilant and monitor their systems for any suspicious activities.

Acknowledgments

F5 Networks extends its gratitude to the researchers who reported this issue, adhering to responsible disclosure practices. 

While the company acknowledges the efforts of these researchers, they emphasize the urgency for users to take immediate action to secure their systems.

F5 Networks’ swift response underscores the importance of timely updates and patches in protecting against evolving threats. 

Users of BIG-IP systems are strongly encouraged to apply the provided mitigations and download the necessary hotfix to protect their systems from potential exploitation.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Website

Latest articles

Hackers Claiming Access to Qatar National Bank Database

A group of hackers has claimed to have accessed the database of Qatar National...

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains...

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles