Tuesday, September 3, 2024

F5 Warns of Attacks Targeting BIG-IP SQL Injection Vulnerability


F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748.

This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands.

F5 Networks has classified this issue under CWE-89, 'Improper Neutralization of Special Elements used in an SQL Command' (SQL Injection).

The Vulnerability Details

The vulnerability allows authenticated attackers with access to the BIG-IP Configuration utility through the management port and/or self IP addresses to inject malicious SQL commands.

Although this issue affects the control plane and not the data plane, the possibility of unauthorized command execution raises serious concerns about system security.

F5's Response and Mitigation

F5 Networks has responded promptly, assigning ID 1381357 to track the vulnerability.

It has released an engineering hotfix for affected versions of BIG-IP that have not yet reached End of Software Development.

Customers affected by this vulnerability are advised to download the hotfix from the MyF5 Downloads page.

However, because the attack is carried out by authenticated users, conventional mitigation strategies are limited.

One suggested temporary measure is to restrict access to the Configuration utility, allowing only trusted networks or devices.

Users can block Configuration utility access through self IP addresses, reducing the attack surface.

F5 Networks provides detailed instructions for implementing these temporary mitigations, emphasizing the importance of limiting access for untrusted users.

Indicators of Compromise

F5 Networks has identified indicators of compromise related to this vulnerability.

Entries in the /var/log/tomcat/catalina.out file, such as java.sql.SQLException and executed shell commands, serve as potential indicators of exploitation.

Users are urged to remain vigilant and monitor their systems for any suspicious activity.
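A minimal scanner for the two indicators named above, added here as an example and not F5's own tooling. The SQLException pattern comes from the article; the shell-command pattern and the sample catalina.out lines are constructed assumptions, not a published signature or real log output.

```python
import re

# Indicator patterns. "sql_exception" follows the article; "shell_command" is a
# heuristic assumption for spotting shell invocations logged by the Tomcat process.
INDICATORS = {
    "sql_exception": re.compile(r"java\.sql\.SQLException"),
    "shell_command": re.compile(r"(?:/bin/(?:ba)?sh\b|\bsh -c\b)"),
}


def scan_catalina(lines):
    """Return one hit per matching log line as {"line_no", "indicator", "text"}."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append({"line_no": line_no, "indicator": name, "text": line.rstrip()})
    return hits


def summarize(hits):
    """Count hits per indicator so an analyst can triage at a glance."""
    counts = {}
    for hit in hits:
        counts[hit["indicator"]] = counts.get(hit["indicator"], 0) + 1
    return counts


# Constructed sample lines (not real catalina.out output) to exercise the scanner.
SAMPLE_LOG = """\
03-Sep-2024 10:15:01.123 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 1234 ms
03-Sep-2024 10:16:44.001 SEVERE [http-nio-8443-exec-3] java.sql.SQLException: unexpected token near ')'
03-Sep-2024 10:16:44.002 WARNING [http-nio-8443-exec-3] executing: /bin/sh -c "id"
03-Sep-2024 10:17:00.500 INFO [http-nio-8443-exec-4] login ok user=admin
"""

if __name__ == "__main__":
    found = scan_catalina(SAMPLE_LOG.splitlines())
    for hit in found:
        print(f"line {hit['line_no']}: {hit['indicator']}: {hit['text']}")
    print(summarize(found))
```

To run it against a real appliance, replace SAMPLE_LOG.splitlines() with the lines of /var/log/tomcat/catalina.out and review each hit in context rather than treating a match as proof of compromise.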

Acknowledgments

F5 Networks extends its gratitude to the researchers who reported this issue, adhering to responsible disclosure practices.

While the company acknowledges the efforts of these researchers, it emphasizes the urgency for users to take immediate action to secure their systems.

F5 Networks' swift response underscores the importance of timely updates and patches in defending against evolving threats.

Users of BIG-IP systems are strongly encouraged to apply the provided mitigations and download the necessary hotfix to protect their systems from potential exploitation.
