Carding 4 Carders
Professional
The protection of corporate systems is entirely in the hands of administrators.
F5 has reported on the active exploitation of a critical vulnerability in BIG-IP systems, which we discussed at the end of last week. This breach was designated CVE-2023-46747 and has a critical risk level of 9.8 on the CVSS scale.
As reported, the vulnerability that can lead to the execution of arbitrary system commands in the BIG-IP product has already become part of the chain of real hacker attacks.
The security flaw affects several versions of the software, starting with 13.1.0 and ending with 17.1.0, and fixes have already been released for all the problematic versions.
The company also warned of abuse of a second vulnerability, tracked as CVE-2023-46748. It is a SQL injection vulnerability that requires authentication in the BIG-IP configuration utility.
For both vulnerabilities, we recommend that the released patches be applied immediately. In addition, the company provides instructions for users with detailed signs of compromise to determine whether the above-described SQL injection vulnerability was exploited in a particular network.
Representatives of Shadowserver today reported that since October 30, the organization's Honeypot sensors have repeatedly detected attempts to exploit CVE-2023-46747. Experts stressed the critical need for rapid system updates to prevent attacks.
F5 has reported on the active exploitation of a critical vulnerability in BIG-IP systems, which we discussed at the end of last week. This breach was designated CVE-2023-46747 and has a critical risk level of 9.8 on the CVSS scale.
As reported, the vulnerability that can lead to the execution of arbitrary system commands in the BIG-IP product has already become part of the chain of real hacker attacks.
The security flaw affects several versions of the software, starting with 13.1.0 and ending with 17.1.0, and fixes have already been released for all the problematic versions.
The company also warned of abuse of a second vulnerability, tracked as CVE-2023-46748. It is a SQL injection vulnerability that requires authentication in the BIG-IP configuration utility.
For both vulnerabilities, we recommend that the released patches be applied immediately. In addition, the company provides instructions for users with detailed signs of compromise to determine whether the above-described SQL injection vulnerability was exploited in a particular network.
Representatives of Shadowserver today reported that since October 30, the organization's Honeypot sensors have repeatedly detected attempts to exploit CVE-2023-46747. Experts stressed the critical need for rapid system updates to prevent attacks.
